The Colloquium (CISSE)
The Colloquium

Industry News

4
Mar
2021

HAFNIUM targeting Exchange Servers with 0-day exploits

  • 4 Mar 2021
  • 4 Mar 2021
  • 3016

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

The vulnerabilities recently being exploited were CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, all of which were addressed in today’s Microsoft Security Response Center (MSRC) release – Multiple Security Updates Released for Exchange Server. We strongly urge customers to update on-premises systems immediately. Exchange Online is not affected.

Microsoft is sharing information with customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately to protect against these exploits and prevent future abuse across the ecosystem. This blog also continues our mission to shine a light on malicious actors and elevate awareness of the sophisticated tactics and techniques used to target our customers. The related IOCs, Azure Sentinel advanced hunting queries, and Microsoft Defender for Endpoint product detections and queries shared in this blog will help SOCs proactively hunt for related activity in their environments and elevate any alerts for remediation.

For the complete security article, please visit:
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

28th Colloquium

November 13 - 15, 2024

The 28th Colloquium will be held in November 2024 in Florida at The University of Tampa. The program is continuously evolving, so please bookmark the link below for the latest updates.

Call for Papers

The Editorial Committee invites paper submissions to the 28th Colloquium. Please submit an original, unpublished paper, in the field of Cybersecurity Education by August 15th.

Sponsorship

CISSE offers a distinctive platform for showcasing your organization with precision, targeting not just cybersecurity enthusiasts, but the educators in cybersecurity.

Journal - Winter 2024

The latest edition of The Colloquium Journal is available for purchase, with select articles available on CISSE's Open Journal repository.

CISSE

The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The goal of The Colloquium is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.

GuideStar Seal of Transparency

CISSE earned a Silver Seal with GuideStar. See our non-profit profile to learn more and make a difference with your support.

Guidestar Profile

If you value our mission of service, please consider making a donation, or supporting the organization through charitable pledges.

Donate via Pledge
Donate via Network for Good

Recent Posts

22 Mar 2024
28th Colloquium - Writers Workshop

CISSE's next Writers Workshop is scheduled for April 25, 2024. This series is tailored for professionals and academics seeking to enhance their publication skills and amplify the impact of their research. This webinar is complimentary and will be hosted by CISSE's Editorial Committee.

10 Mar 2024
28th Colloquium - Opportunities

The Colloquium for Information Systems Security Education offers a distinctive platform for showcasing your organization with precision, targeting not just cybersecurity enthusiasts, but the educators in cybersecurity.

Copyright © 2024 CISSE. All rights reserved.