03/10/2021
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) announced a Microsoft Exchange Server joint advisory (AA-21-069) on Wednesday that offers consolidated advice for Exchange Server users on detecting Hafnium attacks.
The advice, which offers practical measures for IT pros to take, is based on republished materials, and was partially derived from multiple open source reports. Organizations using Exchange Server products currently are under active attack by a supposed nation-state attacker, dubbed Hafnium, via zero-day vulnerabilities in those products. Microsoft's Exchange Online service isn't considered to be vulnerable, though.
In general, CISA and the FBI are advising organizations running Exchange Server to look for indicators of compromise using various tools and logs. If indicators of compromise are detected and organizations lack forensic skills for further investigation, then they shoul