Microsoft Issues Warning Over HAFNIUM Exploit

Microsoft has released details of an attack named HAFNIUM which is targeting unpatched, on-premise versions of Microsoft Exchange. Microsoft say that they have detected “multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.”

The result of these attacks could lead to a loss of data or exposure to malware (such as ransomware) but, ultimately, the exploit provides the hacker with ability to run any code they wish, as if they were on the server itself.

We strongly advise any business using the on-premise version of Microsoft Exchange to upgrade their system using the latest update including all security updates from Microsoft, which is not part of the normal release schedule and is available here – Microsoft Exchange Exploit Details.

Please note: We will be contacting all of our customers who we believe could be at risk of this exploit to take necessary action, but please contact us if you are concerned that you may be affected.

Details

Based on the full Microsoft blog, released on 02/03/2021, Microsoft explain the details of the exploit, which it describes as “critical”, and urges users to patch their software.

They continue to explain, “in the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.”

HAFNIUM is an organisation that Microsoft says have previously exploiting vulnerabilities in other systems in order to gain control of them and have targeted other Microsoft products in the past.

For full details and to read the technical details from Microsoft please visit https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

The HBP GroupWho Are We?

Our organisation consists of three businesses; HBP Systems Ltd. Kamarin Computers Ltd and Jugo Systems. HBP are based in Lincolnshire, Kamarin in Cambridgeshire and Jugo in Hampshire. Between us we cover the vast majority of the UK and work under The HBP Group name to provide a seamless service between our northern and southern offices.

About Us

We specialise in providing IT solutions and support to businesses to ensure they use technology effectively and efficiently and can focus on what they do best – running their business.

The HBP Group Structure showing HBP Systems, Kamarin Computers and Jugo Systems

Author: HBP Admin

Published on: March 3, 2021

Categories: Article

Tags: advice, blog, hafnium