image credit: pixabay
On March 2, 2021 Microsoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server.
Over the next few days, over 30,000 organizations in the US were attacked as hackers used several Exchange vulnerabilities to gain access to email accounts and install web shell malware, giving the cybercriminals ongoing administrative access to the victims’ servers.
On the same day, Microsoft announced they suspected the attacks were carried out by a previously unidentified Chinese hacking group they dubbed Hafnium. According to the Microsoft Threat Intelligence Center (MSTIC), Hafnium is suspected to be state-sponsored and operating out of China, primarily targeting organizations in the United States across multiple industry segments and operating primarily via leased virtual private servers (VPSs) in the U.S.
