On March 2, Microsoft revealed a critical cybersecurity offensive launched by a foreign adversary against organizations in the United States. The company attributed the attacks to a Chinese advanced persistent threat group it calls Hafnium. Microsoft quickly announced patches for the four previously unknown vulnerabilities in Exchange Server that the malicious actors had exploited.
Reports circulated last week that the hackers compromised at least 30,000, and likely hundreds of thousands, of unpatched Exchange servers. As a consequence, incident responders are working around the clock responding to this latest threat, which they consider an actual attack on public and government IT infrastructure, unlike the still-ongoing, primarily espionage-oriented SolarWinds hack.