Microsoft announced that its common email system was attacked on Tuesday.

Based on the manner of the hacking operation, Microsoft experts believe that the attack was performed by a hacking group called Hafnium, thought to be sponsored by the Chinese government.

The group reportedly utilized defects in the Microsoft system to mostly target U.S. organizations and individuals working in the fields such as law, higher education, policymaking, and infectious disease research.

In a public statement, Microsoft explained that the group used ‘0-day exploits’ to attack Microfost Exchange servers that were on-premises based.

The tech company said that the action enabled hackers to enter email accounts and install software that would continuously collect data from these accounts.


Microsoft experts said that Hafnium has previously infiltrated online servers and open-source frameworks such as Covenant, usually using file storing websites like Mega to pull data out from their targets.

In attacking their victims, Hafnium hackers usually installed the so-called ‘web shells’ to extract data and perform other harmful actions.

In response to the attack, Microsoft encouraged its users to upgrade the server they use.

The company believes this to be an adequate measure to prevent further attacks by fixing the most vulnerable points in the system.

One among other attacks

The recent attack is only one among several other attacks Microsoft has faced in a year.


According to the company’s customer trust and security vice president Tom Burt, Microsoft identified eight assaults by state-backed organizations.

The attacks were mostly aimed at civil society organizations, anti-COVID-19 groups, and participants in the events surrounding the 2020 U.S. general election.

Burt provided an example of the 2020 SolarWind hacking attack on several governmental and private organizations from the U.S.

The assault is thought to be executed by several hacking groups (such as Berserk Bear and Cozy Bear) supported by the Russian government.

However, the vice president expressed his confidence that there is no evidence of any relationship between these attacks and the more recent Hafnium attack.

He assured Microsoft customers that the organization reacted quickly enough to prevent more damage from the Hafnium attack, adding that the U.S. government has been thoroughly informed about the event.