New Blog Post | HAFNIUM targeting Exchange Servers with 0-day exploits

Microsoft

 

HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security

Author(s): 

  • Microsoft Threat Intelligence Center (MSTIC)
  • Microsoft 365 Defender Threat Intelligence Team
  • Microsoft 365 Security


Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers, which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.
