MS Exchange Hack

This is a summary and lessons learned regarding the MS Exchange hack in early 2021 by the cyber gang Hafnium.

----------------------------
#infosec #hack #cybersecurity
----------------------------

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails
https://krebsonsecurity.com/2021/03/microsoft-chinese-cyberspies-used-4-exchange-server-flaws-to-plunder-emails/

Warning the World of a Ticking Time Bomb
https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/

At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns
https://www.cyberscoop.com/microsoft-exchange-china-exploitation-eset/

Microsoft IOC Detection Tool for Exchange Server Vulnerabilities
https://us-cert.cisa.gov/ncas/current-activity/2021/03/06/microsoft-ioc-detection-tool-exchange-server-vulnerabilities

Scan Exchange log files for indicators of compromise
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log

Defending Exchange servers under attack
https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/

Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities

https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html