Squirreled away on a cloud storage platform were five gigabytes of data that had been stolen during the previous three and half years from foreign ministries and energy companies by hacking their on-premises Microsoft Exchange servers. In all, Resecurity® researchers found documents and emails from six foreign ministries and eight energy companies in the Middle East, Asia and Eastern Europe.
The attacks, which haven’t been previously reported, served as a prequel to a remarkably similar, widely publicized hack of Microsoft Exchange servers from January to March of this year, according to Resecurity®. A person familiar with the investigation into the 2021 attack, who wasn’t authorized to speak publicly and requested anonymity, made a similar allegation, saying the data theft discovered by Resecurity® followed the same methods. The 2021 hack was extraordinary for its scope, infecting as many as 60,000 global victims with malware.
Microsoft quickly pinned the 2021 cyberattack on a group of Chinese state-sponsored hackers it named Hafnium, and the U.S., U.K., and their allies made a similar claim last month, attributing it to hackers affiliated with the Chinese government.
Resecurity® can’t say for sure the attacks were perpetrated by the same group. Even so, the cache of documents contained information that would have been of interest to the Chinese government, according to Gene Yoo, Resecurity®’s chief executive officer. The person familiar said the victims selected by the hackers and type of intelligence gathered by attackers also pointed to a Chinese operation... Please continue the article at the source