in , ,

Microsoft Shares Info on Nation-State Actor ‘Hafnium’

Cyber threat against US entities
Cyber threat, against US entities

Microsoft has found that a state-sponsored threat actor operating from China, called Hafnium, is targeting U.S. defense contractors, law firms, policy think tanks, infectious disease researchers and other entitles to steal data by compromising on-premises Exchange Server software.

Tom Burt, corporate vice president for customer security and trust at Microsoft, wrote in a blog post published Tuesday that the Microsoft Threat Intelligence Center discovered that Hafnium carried out its operations through U.S.-based leased virtual private servers.

Hafnium uses three steps to carry out its attacks: gaining access to a server using undetected vulnerabilities and stolen passwords, creating a web shell to remotely control the compromised server and exfiltrating data using remote access.

The company issued security updates to help clients running Exchange Server to protect themselves against Hafnium-led attacks and informed U.S. government agencies on the threat actor’s activity.

Burt noted that Microsoft worked with researchers from Dubex and Volexity to address the cyber threat posed by Hafnium.

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Cybersecurity News

mm

Written by Jane Edwards

is a staff writer at Executive Mosaic, where she writes for ExecutiveBiz about IT modernization, cybersecurity, space procurement and industry leaders’ perspectives on government technology trends.

Virginia-class Montana submarine
HII Brings Montana Submarine to Newport News Pier for Final Testing
Research Support Services Books $78M CDC Contract for Cognitive Interviewing Studies - top government contractors - best government contracting event
Research Support Services Books $78M CDC Contract for Cognitive Interviewing Studies