Patched Exchange to head off Hafnium? You might only be halfway to safety

2021-04-27 07:00

If you're running Microsoft Exchange anywhere in your organisation and you're not extremely concerned about the threat from Hafnium, you haven't been paying attention this year.

The Hafnium name refers to both the allegedly Chinese government-linked group which has emerged as the main driver behind a wave of attacks aimed at exploiting zero day vulnerabilities in multiple versions of Exchange, as well as the exploits and malware they are using to gain free rein over your systems.

The initial attack seems to have been focused on exfiltrating information from the likes of infectious disease research organisations, defence contractors and educational organisations, as well as law firms, think tanks and NGOs.

More conventionally nasty attackers have gotten in on the act, using the vulns to inject ransomware and other nasties.

While the initial news prompted a rare out of band wave of patches from Redmond, the bad news is that whilst these will prevent further attacks, they won't prevent the bad guys continuing to wreak havoc if your system has already been compromised.

They'll explain exactly what sort of help you can call on to protect your organisation from future associated attacks - and who to call if you realise you've being breached, like, right now.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/04/27/exchange_hafnium_sophos/

#exchange