Microsoft says Chinese hackers exploited software flaws to target American companies

Chinese government hackers exploited a bug in Microsoft’s e-mail server software to target US organizations, the company said on Tuesday.

Microsoft said a state-sponsored “highly qualified and sophisticated” group, operating in China, tried to steal information from a number of US targets, including universities, defense contractors, law firms and infectious disease researchers.

Microsoft says it has released security updates to address vulnerabilities in Exchange Server software, which is used for work email and calendar services, especially by larger organizations that run their own email servers on premises. The vulnerabilities do not affect personal email accounts or Microsoft cloud-based services.

The company said the hacking group Hafnium managed to trick Exchange servers into allowing it access. The hackers then disguised themselves as someone who should have access and created a way to control the server remotely so that they could steal data from an organization’s network.

Microsoft said the group is based in China but operates from leased virtual private servers in the United States, which helps it avoid detection.

The company declined to name any specific targets or say how many organizations were affected.

Cybersecurity company Volexity, based in Reston, Virginia, which Microsoft credits for helping detect the intrusions, said its network security monitoring service began picking up a suspiciously large data transfer at the end of January.

“They only download e-mails, they literally go to the city,” said Steven Adair, president of Volexity, who said the targets included “defense contractors, international aid and development organizations, the NGO think tank.”

Adair said he was worried that hackers would speed up their work in the coming days before organizations could install Microsoft security updates.

“As bad as it is now, I think it’s about to get worse,” he said. “This gives them a limited amount of opportunities to go and exploit something. The patch will not fix it if they leave the back door.”
