Details
In its full blog post, released on 02/03/2021, Microsoft explains the details of the exploit, which it describes as “critical”, and urges users to patch their software.
They continue to explain, “in the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.”
HAFNIUM is an organisation that Microsoft says has previously exploited vulnerabilities in other systems in order to gain control of them, and has targeted other Microsoft products in the past.
For the full technical details from Microsoft, please visit https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/