What is the Hafnium email attack?

By William Smith
The attacker, which Microsoft is calling Hafnium, exploits flaws and stolen passwords to steal data from the networks of targets...

Last week, we detailed how the latest in a series of escalating cyberespionage events has come to light, this time involving a hack on Microsoft’s Exchange email software.

The attacker, which Microsoft is calling Hafnium, exploits flaws and stolen passwords to steal data from the networks of targets - with thousands potentially affected. Microsoft not only said that the attackers were state-sponsored, but explicitly named the culprit: China. This places the attack in the broader context of escalating cyberwarfare between nation states.

The race to fix the exploit

Microsoft’s response was to issue a patch and publicise the information it had collected on the exploit, yesterday releasing data on “malware hashes and known malicious file paths” that had been observed in the attacks.

Microsoft’s Tom Burt - Corporate Vice President, Customer Security & Trust, last week said: "Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack."

White House National Security Advisor Jake Sullivan duly tweeted: “We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities. We encourage network owners to patch ASAP”.

The cyber cold war heats up

The attack comes not so very long after the last such incident in December of last year, when the likes of the US federal government, Microsoft, SolarWinds and VMware all fell prey to a huge state-sponsored cyber attack. The attack involved a vulnerability in SolarWinds’ Orion platform as well as stolen assessment tools from FireEye, with suspicion ultimately falling on Russia.

Share

Featured Articles

ICYMI: Space blockchains and 6G predictions for the future

A week is a long time in tech, so here are some of Technology Magazine’s most popular articles which have been starting conversations around the world

Christine Kosmowski: growth mindset and hands-on leadership

Christina Kosmowski, CEO of LogicMonitor, discusses maintaining a growth mindset and the importance of maintaining accountability as a leader

ICANN’s Coalition to help build a better Internet for Africa

Domain name corporation ICANN is leading a group of African technology organisations to help bring security and reliability to the continent’s networks

Accelerate outcomes and cut waste with IT Asset Management

Enterprise IT

Tech leaders already looking to build back from recession

Digital Transformation

Robot dining staff on call to help care in the community

Digital Transformation