What is the Hafnium email attack?

By William Smith
The attacker, which Microsoft is calling Hafnium, exploits flaws and stolen passwords to steal data from the networks of targets...

Last week, we detailed how the latest in a series of escalating cyberespionage events has come to light, this time involving a hack on Microsoft’s Exchange email software.

The attacker, which Microsoft is calling Hafnium, exploits flaws and stolen passwords to steal data from the networks of targets - with thousands potentially affected. Microsoft not only said that the attackers were state-sponsored, but explicitly named the culprit: China. This places the attack in the broader context of escalating cyberwarfare between nation states.

The race to fix the exploit

Microsoft’s response was to issue a patch and publicise the information it had collected on the exploit, yesterday releasing data on “malware hashes and known malicious file paths” that had been observed in the attacks.

Microsoft’s Tom Burt - Corporate Vice President, Customer Security & Trust, last week said: "Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack."

White House National Security Advisor Jake Sullivan duly tweeted: “We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities. We encourage network owners to patch ASAP”.

The cyber cold war heats up

The attack comes not so very long after the last such incident in December of last year, when the likes of the US federal government, Microsoft, SolarWinds and VMware all fell prey to a huge state-sponsored cyber attack. The attack involved a vulnerability in SolarWinds’ Orion platform as well as stolen assessment tools from FireEye, with suspicion ultimately falling on Russia.


Featured Articles

How digital twins unlock enterprises’ sustainability efforts

With sustainability increasingly on corporate and government agendas, over half of enterprises believing digital twin technology is critical to ESG efforts

Avast: Cybercriminals use common apps to lure victims

Two out of three cyber threats now leverage social engineering, with attackers using common applications from Microsoft and Adobe to distribute malware

World Password Day: Study shows enthusiasm for passwordless

Over half of global respondents told a study that they are excited about passwordless authentication options like biometrics, passkeys, or security keys

SAP to accelerate AI innovation with IBM Watson

AI & Machine Learning

Half of organisations fell victim to ransomware attacks

Cloud & Cybersecurity

Nike and Cognizant expand their relationship into technology

Digital Transformation