Skip to main content
Canada’s most-awarded newsroom for a reason
Enjoy unlimited digital access
$1.99
per week
for 24 weeks
Canada’s most-awarded newsroom for a reason
$1.99
per week
for 24 weeks
// //

A China-linked cyberespionage group has been remotely plundering e-mail inboxes using freshly discovered flaws in Microsoft Corp. mail server software, the company and outside researchers said on Tuesday – an example of how commonly used programs can be exploited to cast a wide net online.

In a blog post, Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software and was the work of a group it dubs HAFNIUM, which it described as a state-sponsored entity operating out of China.

In a separate blog post, cybersecurity firm Volexity said that in January it had seen the hackers use one of the vulnerabilities to remotely steal “the full contents of several user mailboxes.” All they needed to know were the details of Exchange server and of the account they wanted to pillage, Volexity said.

Story continues below advertisement

China opposes all forms of cyberattacks, Chinese Foreign Ministry spokesman Wang Wenbin said at a news briefing in Beijing on Wednesday.

“China wishes relevant media and companies take a professional and responsible attitude, and base characterizations of cyberattacks on ample evidence, rather than groundless guesses and accusations,” he said.

Ahead of the Microsoft announcement, the hackers’ increasingly aggressive moves began to attract attention across the cybersecurity community.

Mike McLellan, director of intelligence for Dell Technologies Inc’s Secureworks, said ahead of the Microsoft announcement that he had noticed a sudden spike in activity touching Exchange servers overnight on Sunday, with around 10 customers affected at his firm.

Microsoft’s suite of products has been under scrutiny since the hack of SolarWinds, the Texas-based software firm that served as a springboard for several intrusions across government and the private sector. In other cases, hackers took advantage of the way customers had set up their Microsoft services to compromise their targets or dive further into affected networks.

Hackers who went after SolarWinds also breached Microsoft itself, accessing and downloading source code – including elements of Exchange, the company’s e-mail and calendaring product.

Mr. McLellan said that for now, the hacking activity he had seen appeared focused on seeding malicious software and setting the stage for a potentially deeper intrusion rather than aggressively moving into networks right away.

Story continues below advertisement

“We haven’t seen any follow-on activity yet,” he said. “We’re going to find a lot of companies affected but a smaller number of companies actually exploited.”

Microsoft said targets included infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and non-governmental groups.

Be smart with your money. Get the latest investing insights delivered right to your inbox three times a week, with the Globe Investor newsletter. Sign up today.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow topics related to this article:

View more suggestions in Following Read more about following topics and authors
Report an error
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies