A recent cyberattack on US infrastructure has been traced back to a group of hackers based in China, according to Microsoft. The company said that the hackers exploited a vulnerability in its Exchange Server software, which is used by many organizations to manage their email and calendar services. The attack affected tens of thousands of customers in the US, including local governments, schools, businesses and nonprofits.
Microsoft said that the hackers were part of a state-sponsored group called Hafnium, which operates from leased virtual private servers in the US. The company said that Hafnium primarily targets entities in the US across a number of industry sectors, stealing information such as infectious disease research, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.
The company said that it has released security updates to fix the vulnerability and urged customers to apply them as soon as possible. It also said that it is working closely with the US government and other partners to investigate and respond to the attack.
Microsoft said that the attack was not related to the SolarWinds hack, which was attributed to Russian hackers and compromised several US federal agencies and private companies. The company said that the two attacks used different methods and had different objectives.
