Chinese state-backed hackers target western businesses, governments using Microsoft email services

A Chinese state-backed hacker group known as Hafnium has launched cyberattacks against at least 60,000 users of Microsoft's email service globally, Fortune reports.

Many independent businesses have been targeted by the hackers, but other larger entities such as the European Banking Authority have more recently become victims of the cyberattacks. Governments have also been targeted by the hackers.

While Microsoft insists that the group receives Chinese state-backing, the government of China denies the allegations. According to the country's foreign ministry spokesman, China "firmly opposes and combats cyber attacks and cyber theft in all forms."

The hackers began by targeting a small number of private and governmental accounts since the beginning of January, although their targets have been described as high-value intelligence. The operation seems to have expanded dramatically earlier this month, however, with thousands of victims having their systems infiltrated by the hackers planting viruses which will allow later access.

Many of the most recent victims are small and medium-sized businesses and government agencies which do not have the same cybersecurity protections which larger agencies and businesses have. Schools have also reportedly been targeted by he hackers.

According to Milton Security Group founder Jim McMurry, the hacking "exacerbates an already bad situation" as many smaller businesses are "struggling already due to COVID shutdowns."

It is unclear if the sudden expansion in operations are committed by the same group, with some cybersecurity experts considering whether other groups have discovered the same flaw noticed by the Chinese hackers. Regardless, the hacking campaign has become so successful that the process of hacking computers has now become automated.

According to Microsoft, only users of their Exchange email system were affected by the hack. Those who use the Cloud system are not affected by the cyberattack.

Microsoft is now considering whether the hacks came as a result of leaked information from their own cybersecurity partners, according to a report from the Wall Street Journal.

Some of the methods used by the hackers apparently resemble "proof of concept" attack codes which Microsoft exchanged with their cybersecurity partners in late February. Such a leak could explain the dramatic expansion in operations which began in early March.

It would not be the first time that a partner of Microsoft leaked confidential cybersecurity information. In 2012, a Chinese company known as Hangzhou DPTech Technologies leaked proof-of-concept code, which Microsoft later found on a Chinese website.

The cyberattack comes just months after SolarWinds faced one of the world's largest cyberattacks in history. Russian hackers ran through SolarWinds's systems for months throughout 2020 without detection until the attack was revealed in December of that year. In a manner similar to the latest attack by Chinese hackers, the Russians managed to automate the hacking process as time went on.

The US government is reportedly planning a response to the cyberattack, including an executive order designed to boost domestic cybersecurity, retaliatory attacks against the Russians, and a new series of economic sanctions against the country.

While the government has not yet announced a plan to respond to the Chinese hackers, the Biden administration is reportedly taking the cyberattack seriously, launching an interagency cybersecurity coordination group to investigate the hack according to a National Security Council spokeswoman.