How China’s attack on Microsoft escalated into a “reckless” hacking spree



At first the Chinese hackers ran a careful campaign. For two months, they exploited weaknesses in Microsoft Exchange email servers, picked their targets carefully, and stealthily stole entire mailboxes. When investigators eventually caught on, it looked like typical online espionage—but then things accelerated dramatically.

Around February 26, the narrow operation turned into something much bigger and much more chaotic. Just days later, Microsoft publicly disclosed the hacks—the hackers are now known as Hafnium—and issued a security fix. But by then attackers were looking for targets across the entire internet: in addition to tens of thousands of reported victims in the US, governments around the world are announcing that they were compromised too. Now at least 10 hacking groups, most of them government-backed cyber-espionage teams, are exploiting the vulnerabilities on thousands of servers in over 115 countries, according to the security firm ESET.

Author(s): Patrick Howell O’Neill

Publication Date: 10 March 2021

Publication Site: MIT Technology Review