What is the Hafnium email attack?

Last week, we detailed how the latest in a series of escalating cyberespionage events has come to light, this time involving a hack on Microsoft’s Exchange email software.

The attacker, which Microsoft is calling Hafnium, exploits flaws and stolen passwords to steal data from the networks of targets - with thousands potentially affected. Microsoft not only said that the attackers were state-sponsored, but explicitly named the culprit: China. This places the attack in the broader context of escalating cyberwarfare between nation states.

The race to fix the exploit

Microsoft’s response was to issue a patch and publicise the information it had collected on the exploit, yesterday releasing data on “malware hashes and known malicious file paths” that had been observed in the attacks.

Microsoft’s Tom Burt - Corporate Vice President, Customer Security & Trust, last week said: "Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack."

White House National Security Advisor Jake Sullivan duly tweeted: “We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities. We encourage network owners to patch ASAP”.

The cyber cold war heats up

The attack comes not so very long after the last such incident in December of last year, when the likes of the US federal government, Microsoft, SolarWinds and VMware all fell prey to a huge state-sponsored cyber attack. The attack involved a vulnerability in SolarWinds’ Orion platform as well as stolen assessment tools from FireEye, with suspicion ultimately falling on Russia.