Forum Discussion
JasonCohen1892
Microsoft
Mar 02, 2021New Blog Post | HAFNIUM targeting Exchange Servers with 0-day exploits
HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security
Author(s):
- Microsoft Threat Intelligence Center (MSTIC)
- Microsoft 365 Defender Threat Intelligence Team
- Microsoft 365 Security
 
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.
No RepliesBe the first to reply