Microsoft issues warning as China’s hackers break into email accounts

<p>
Microsoft has issued a warning to its software users that a Chinese state-sponsored hackers group known as HAFNIUM has gained access to email accounts and installed additional malware in what is turning out to be part of a worldwide espionage campaign of the fiercely ambitious Xi Jinping regime.</p>
<p>
In a joint blog post the Microsoft Threat Intelligence Center, Microsoft 365 Defender Threat Intelligence Team and Microsoft 365 Security have said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the mail server software. The company has urged customers to update all on-premises Exchange servers immediately. Microsoft also confirmed that Exchange Online does not appear to be affected at this point.</p>
<p>
In another blog post, cyber-security firm Volexity has said that in January it had seen the hackers use one of the vulnerabilities to remotely steal “the full contents of several user mailboxes. All they needed to know were the details of Exchange server and of the account they wanted to pillage,” the company said.</p>
<p>
Microsoft disclosed that the targets included infectious disease researchers, higher education institutions, defence contractors, policy think tanks, law firms and non-governmental groups.</p>
<p>
<strong>Indian targets on China’s spying radar</strong></p>
<p>
The news comes close on the heels of another Chinese state-backed hacking group targeting, in recent weeks, the IT systems of Indian Covid vaccine makers Serum Institute of India and Bharat Biotech with the aim of stealing research data.</p>
<p>
According to cyber intelligence firm Cyfirma, Chinese hacking group APT10, also known as Stone Panda, had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII), the world’s largest vaccine maker.</p>
<p>
Goldman Sachs-backed Cyfirma, based in Singapore and Tokyo with large operations in Bengaluru, said the cyber attacks were aimed at stealing Covid vaccine research data, patient info, clinical trials data, supply chain and vaccine production information.</p>
<p>
India has shot ahead of China at the world centre stage in vaccine making and a desperate Beijing appears to be out to change this situation.</p>
<p>
Another China state-sponsored hackers group RedEcho is still trying to pick up information from the IT network system of an Indian sea port, according to US firm Recorded Future. “As of Tuesday, Recorded Future could see a 'handshake' — indicating an exchange of traffic — between a China-linked group and an Indian maritime port,” said Stuart Solomon, the firm's chief operating officer.</p>
<p>
The development also comes at a time when a new study published in the US last week concluded that the huge power failure in Mumbai that took place in October last year disrupting normal life in India’s commercial capital was caused by Chinese state-sponsored hackers who planted malware in the power control systems.</p>
<p>
The massive power failure in Mumbai had brought local trains to halt and the stock markets had to be shut while hospitals were forced to switch to emergency generators to keep ventilators running amid the surge in coronavirus. </p>
<p>
The intrusions into India’s critical infrastructure have been occurring since at least the middle of last year, according to Recorded Future, amid the military build-up between the two countries on the Ladakh border.</p>
<p>
According to a report in the New York Times, the study shows that as the military face-off continued in Ladakh, Chinese malware was flowing into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant.</p>