Tuesday 20 July 2021

What is the Hafnium Microsoft hack and why has the UK linked it to China?

In March, tens of thousands of organisations around the world discovered their private internal discussions had been cracked open and laid bare by a group of Chinese hackers. Four previously undiscovered weaknesses in Microsoft’s Exchange software, known as “zero days” because of the amount of time the company had had to fix the flaws before they were exploited, lay behind the mass hack. The vulnerabilities, which affected software released from 2012 onwards, allowed the group to take permanent control of the corporate servers, siphoning emails, calendars, and anything else they desired.

Even fully updated systems were vulnerable, until Microsoft released emergency updates to fix the holes on 2 March, just three days before the hacking campaign was publicly disclosed by security journalist Brian Krebs.

The mass hack started on 28 February, with thousands of companies falling victim every hour before it was even possible for them to defend against it. Many more were hit in the days following Microsoft’s deployment of an emergency fix, since companies are often wary about installing security updates the same day they are published in case critical functionality breaks.