Cyber attackers are using Microsoft Exchange Server vulnerabilities to access Exchange server email accounts on an organization’s premises and install malware to facilitate long-term access to victim environments, the Microsoft Threat Intelligence Center announced yesterday.

It suspects a potentially state-sponsored group out of China called HAFNIUM is behind the campaign. According to Microsoft, Exchange Online is not affected.

“We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately to protect against these exploits and prevent future abuse across the ecosystem,” the center said.

John Riggi, AHA senior advisor for cybersecurity and risk, said, “This is another example, like the SolarWinds breach, of what is believed to be a sophisticated nation-state-supported actor seeking to compromise ubiquitous and fundamental third-party software services as a means for widespread penetration of entire sectors of the U.S. economy. It is also important to note for the health care sector that the HAFNIUM cyber adversary is specifically targeting infectious disease research, among other data. This is consistent with documented criminal cases of the Chinese government’s aggressive pursuit of U.S. medical research and innovation.”

For more information on nation-state cyber threats targeting health care or other cyber issues, contact Riggi at jriggi@aha.org.

Related News Articles

Blog
Are you aware that cyber adversaries target the health care sector the most of all critical infrastructure sectors? Hospitals and health systems in particular…
Headline
During the pandemic, there has been a dramatic increase in cyberattacks targeting hospitals and health systems, including disruptive ransomware attacks that…
Headline
The FBI and Department of Homeland Security today released recommendations to help organizations secure their networks from ongoing cyber threats from the…
Headline
The Russian Foreign Intelligence Service (SVR) continues to exploit five publicly known cyber vulnerabilities, the National Security Agency, Cybersecurity and…
Blog
A panel of rural health care experts and other health care leaders assembled by the AHA and the Black Coalition Against COVID-19 convened April 21 at 7 p.m. ET…
Headline
As health care organizations increasingly use telehealth during the COVID-19 pandemic and beyond, the Healthcare and Public Health Sector Coordinating Council…