MaxKabakov / Getty Images Microsoft has released emergency patches for four previously unknown vulnerabilities in Exchange Server that a cyberespionage group was exploiting to break into organizations. The flaws allow the extraction of mailbox contents and the installation of backdoors on vulnerable servers. Microsoft attributes the attacks to a Chinese APT group dubbed Hafnium that has a history of exploiting vulnerabilities in internet-facing servers and targeting Office 365 users. The group has targeted entities in the US including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs. Authentication bypass The attacks were initially spotted in January by researchers from security firm Volexity after observing unusual connections and data transfers to suspicious IP addresses from the Exchange servers of some of its customers. A subsequent investigation revealed suspicious POST requests to legitimate resources on the Exchange servers, leading the researchers to suspect they had been backdoored.