Hackers targeted Microsoft Exchange servers of foreign ministries and energy companies over a three-year period. In total they managed to steal five gigabytes of data, including diplomatic cables and passwords.
Last March, Microsoft revealed that a Chinese hacker group dubbed Hafnium had successfully infiltrated its Exchange servers, compromising the data of more than 100,000 companies. However, this is not the first time. Bloomberg unveiled a similar case, discovered by cybersecurity firm Resecurity late last year.
This time, the attack was more targeted, targeting foreign ministries in Bahrain, Iraq, Turkey, Oman, Egypt and Jordan, as well as eight companies in the industry.energy in the Middle East, Asia and Eastern Europe. Resecurity discovered a total of five gigabytes of data placed in an online storage service from servers Microsoft Exchange hacked.
Diplomatic cables and stolen passwords
The stolen data was collected in a series of attacks over a three-year period, between 2017 and 2020. It contained documents and emails, including diplomatic cables. For example, an internal memo from a Bahraini diplomat reports a meeting with Chinese diplomats in the context of a possible United Nations special session on the treatment of Uighurs. The Chinese recalled that their country had defended Bahrain in terms of human rights. Other emails contained sensitive information like identifiers and Passwords which could have been used to infiltrate the internal networks of the ministries and firms concerned.
Resecurity did not name those responsible for these attacks. However, the researchers indicate that the choice of targets suggests a Chinese operation, and that the methods used are substantially the same as the group Hafnium…
Interested in what you just read?