After admitting that its source code related to its windows operating system could have been stolen in SolarWind hack of 2020, tech giant Microsoft has issued a fresh warning that a cyber attack apparently originating from China could have taken down some of its Exchange Server software using customers across the world.
The warning was issued just when the Cyber security wing of India announced that there was a possible infiltration made by Chinese intelligence on a power grid in Mumbai that could have otherwise started a power blackout in whole of south India in Oct 2020.
Hafnium is the hacking group that could have targeted the Exchange Servers operating at the premises of some defense contractors, educational institutes, law firms, research laboratories, and some financial institutions operating across the world says Microsoft.
What interests in this update of Microsoft is that Hafnium is said to conduct operations on a virtual note through servers functioning in United States and has gained access to the Exchange Server either through stolen passwords available on dark web or by some pre-discovered vulnerabilities. And the threat actors involved in such cyber threats are also capable of remotely controlling the victimized server only to use it as bots in future attacks.
Therefore, all Exchange Server customers are being urged to apply the latest fix that was rolled out by Microsoft at the end of Feb’2021.
Note- Microsoft Exchange Server is being used for mail and calendaring events since 1996. Earlier, it was using a MAPI protocol to talk to email clients and has now evolved to add POP3, IMAP, and EAS proprietary protocols. The email related software that works only with Windows Server operating system is licensed as both on-premise and software as a service software.