Israel’s Cyber Authority on Wednesday warned Microsoft email users to patch a vulnerability being exploited by a Chinese-sponsored outfit. The warning came less than a day after Microsoft informed its customers about the hacking danger.
Microsoft revealed late Tuesday that it had sustained a large-scale cyber attack.
The Israel National Cyber Directorate quoted Microsoft’s description of the vulnerabilities as “grave and easily exploitable.”
Microsoft urged users not to delay in updating Exchange Server to fix four vulnerabilities in the program.
Microsoft corporate vice president Tom Burt identified Hafnium as the group suspected of the hacking, based on the methods employed.
Burt explained that Hafnium first “would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access.”
Then Hafnium “would create what’s called a web shell to control the compromised server remotely,” and finally, it used “that remote access – run from the U.S.-based private servers – to steal data from an organization’s network.”