WASHINGTON—A China-linked cyber-espionage group has been remotely plundering email inboxes using freshly discovered flaws in Microsoft mail server software, the company and outside researchers said on Tuesday—an example of how commonly used programs can be exploited to cast a wide net online.
In a blog post, Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software and was the work of a group it dubs HAFNIUM, which it described as a state-sponsored entity operating out of China.
