1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Microsoft says China-backed hackers targeted US firms

March 3, 2021

Microsoft said hackers exploited a bug in its email server software, which affected organizations rather than private accounts.

The cybersecurity community has noticed the attack before Microsoft's announcement
The cybersecurity community has noticed the attack before Microsoft's announcementImage: Nicolas Asfouri/AFP/Getty Images

A China-backed group of hackers exploited a flaw in Microsoft's email server software to target US-based institutions, the company said on Tuesday. 

The group, operating from China, reportedly tried to hack information from several US targets, including infectious-disease researchers, law firms, universities and non-governmental organizations. 

Microsoft said the group was "highly skilled and sophisticated," which the company dubbed "HAFNIUM."

The US company said it has introduced security upgrades to tackle the issue.

How did the hack happen? 

Microsoft said HAFNIUM tricked Microsoft's Exchange Servers into allowing it to gain access.

Organizations typically use the Exchange Server software for work email and calendar services. Therefore, the hack does not affect personal email accounts or Microsoft's cloud-based services.

The hackers allegedly used leased virtual private servers in the US to avoid detection, although it is based in China. 

According to Microsoft, the group impersonated someone who would have access to the targeted servers and controlled them remotely to hack information from the organizations' networks. 

The company did not provide information on the number of organizations affected or their names.

Russian cyberespionage comes to Germany

02:08

This browser does not support the video element.

Cybersecurity community detects the hack 

Volexity, a Virginia-based cybersecurity firm that Microsoft previously said helped it detect intrusions, said on Twitter that it monitored suspicious activity since January. 

Steven Adair, Volexity's president, warned that the hackers could escalate their activity before organizations install Microsoft's security upgrades.

"As bad as it is now, I think it's about to get a lot worse," he said, according to the Associated Press. 

Mike McLellan, director of intelligence for Dell Technologies Inc's Secureworks, also told Reuters that he had detected a spike in activity touching Exchange servers on Sunday.

He said the hacking activity seemed to focus on preparing for a potentially deeper intrusion rather than immediately moving into targeted networks, according to Reuters.

Hackers repeatedly target the US

The US has tried to strengthen its cybersecurity after repeated espionage over the years. 

Last year, then-President Donald Trump accused China of a massive hack that targeted US government networks, contradicting top diplomats who pointed to Russia. 

In 2013, a US-based cybersecurity company reported around 150 incidents of hacking, which it said the Chinese military carried out. 

But China has consistently denied such allegations. 

How did hackers compromise US government agencies?

05:57

This browser does not support the video element.

fb/sri (AP, Reuters)  

Skip next section DW's Top Story

DW's Top Story

Skip next section More stories from DW