A recent article coming directly from Microsoft, released on March 2nd, highlights how a hacker group from China has been trying to seize control over Microsoft Exchange Servers worldwide, at least 30,000 in the US alone, so far.
It is notable that Microsoft’s article reports they have “detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.”
Other recent updates from the tech giant, published on 03/04 and 03/05, cover “Scan Exchange log files for indicators of compromise” and “Microsoft Exchange Server Vulnerabilities Mitigations,” respectively.
Who is HAFNIUM?
Hafnium is a lustrous, silvery-gray metal. It was named after the Latin word for Copenhagen: Hafnia. The connection between the metal or its name and the hacker group is to be determined.
What is known is that these bad guys primarily target entities in the United States across several industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, and NGOs, as Microsoft's investigation reports. The hacker group operates primarily from leased virtual private servers (VPS) in the US.
Sequentur clients are not affected by this situation as we keep providing reliable, robust, and secure Managed IT Services in Florida, the East Coast, and nationwide. Contact us today to know more.
Microsoft Article – worth checking for technical details, attack details, patch levels of Exchange Server, and other Tech info.