On Tuesday, Microsoft set off alarm bells after finding Chinese cyber-espionage operators chaining several zero-day exploits to exfiltrate e-mail data from corporate Microsoft Exchange servers.
The warning from Redmond accompanied the release of emergency out-of-band fixes for four distinct zero-day flaws that formed part of the attackers' arsenal.
The software giant laid the blame on a sophisticated Chinese APT group called HAFNIUM, which operates from leased VPS (virtual private server) infrastructure in the United States.
HAFNIUM mainly targets organizations in the U.S. across many industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.
Microsoft said its analysts assess with high confidence that HAFNIUM is state-sponsored and operating out of China, based on observed victimology, tactics, and procedures.
Overall, Microsoft said the intruders chained the four zero-days into a single attack chain targeting its Exchange Server product (via Outlook Web App). The flaws exposed Microsoft's customers to remote code execution attacks that required no authentication.