ATK233 (aka HAFNIUM by Microsoft) is the group designated as responsible for the Microsoft Exchange server data breach in 2021.
Microsoft describes the group as "state sponsored and operating out of China".
According to the findings of Microsoft's investigation (Microsoft is the main source of information on this group), they are based in China but mainly use virtual private servers based in the United States.
Their targets during this campaign were infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.
In July 2021, British Foreign Secretary Dominic Raab said the attack was carried out by “Chinese state-backed groups” linked to the Ministry of State Security (MSS). The Chinese government has denied responsibility for the Microsoft breach in 2021.
The group is described as "highly skilled and sophisticated".
REFERENCES
https://blog.talosintelligence.com/2021/03/hafnium-update.html
https://blog.talosintelligence.com/2021/03/threat-advisory-hafnium-and-microsoft.html
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/