We use cookies to give you the best online experience. By using our website you agree to our use of cookies in accordance with our cookie policy.

Gravité Blog

Gravité has been serving the Victoria area since 2006, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

HAFNIUM Attacks Target Most Microsoft Exchange Servers

HAFNIUM Attacks Target Most Microsoft Exchange Servers

The recent discovery of four flaws in Microsoft’s Exchange Server software came too late to prevent a rash of stolen emails, but that doesn’t mean you need to remain vulnerable to this attack. Let’s go over the story so far, and how you can help protect your business.

HAFNIUM, and Their Actions

Back on January 5th, 2021, a security researcher at security testing firm DEVCORE operating under the nom de plume “Orange Tsai” reported a few issues that were discovered in Exchange Server. The same issues were reported on January 27th by the Danish firm Dubex, and on February 2nd by a firm called Volexity. All these reports alluded to what proved to be the actions of a hacking group in China that goes by “HAFNIUM.” HAFNIUM’s hacking efforts have been directed toward the email platforms used in many different organizations’ systems—including organizations classified as infectious disease researchers, defense contractors, institutions of higher education, law firms, think tanks, and civil societies/non-government organizations.

In total, it seems apparent that hundreds of thousands of organizations making use of Microsoft Exchange have been swept up in the attack, breached by HAFNIUM with backdoors left open for the hacking group’s convenience later on.

These breaches were originally directed against exclusively high-value targets, but have swiftly become far less discerning in who may be affected, with all encountered servers now taken over by the automated attacks. While these attacks have left the cloud-hosted Exchange servers untouched, a lot of the victims were using both on-site and cloud-hosted in tandem.

A patch was released on March 2nd that only protects against infiltration, leaving those who had already been infected to fend for themselves.

This is Now A Global Cybersecurity Crisis

With the patch in play, it is now a race between hackers and organizations to see who acts first—with either HAFNIUM infecting a target or that target patching their systems against them.

Too many have already lost to HAFNIUM, at this point.

Even worse, these patches won’t do anything to resolve an existing breach, necessitating a comprehensive network analysis to eliminate any sign of infection. With this event constituting a zero-day threat against all self-hosted instances of Outlook Web Access that had not been patched within that span of a few days, these activities need to be prioritized within every business if only to be certain.

We’re here to help. As a managed service provider, part of our job is to help our clients identify and eliminate any risk factors and threats that issues within their technology may pose. Learn more about our services by calling 1300 008 123 today.

How Your Business’ IT Future Has Changed in the Pa...
Let’s Take a Look at the Data Breaches So Far in 2...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, December 22, 2024

Captcha Image

Latest Blog

Businesses have seen an increase in cyberattacks, and this trend is not slowing down in 2025. Today, we want to explore what the future could hold so you can take these insights and apply them to your cybersecurity initiatives in the coming...

Contact Us

Learn more about what Gravité
can do for your business.

Gravité
Level 3 / 19-23 Prospect Street
Box Hill, Victoria 3128

Account Login