Microsoft blames Chinese cyber-espionage group for attacks on its server software.
The technologists said the hackers belonged to a group, which was is “highly skilled and sophisticated actor”.
Microsoft said the hacking campaign made use of four undetected vulnerabilities in different versions of the software.
The security flaws allowed the hackers to remotely plunder email inboxes.
Microsoft’s Threat Intelligence Centre attributed the attacks with “high confidence” to Hafnium, a group assessed to be state-sponsored and operating out of China.
they said Hafnium targets infectious disease researchers, law firms, higher education institutions and defense contractors.
Policy think tanks and non-governmental groups have also been targeted.
This is the eighth time in the past 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions critical to civil society.
though Hafnium is based in China, it conducts its operations primarily from leased virtual private servers in the US, Microsoft said.
Separately, Microsoft said it has noticed Hafnium communicating with users of its Office 365 suite.
The company has released software updates aimed at addressing the vulnerabilities in its software.