

The attacks have been traced back to January 6, 2021, when a new threat group, subsequently labelled “Hafnium” by Microsoft, began exploiting four zero-day bugs in Microsoft Exchange Server. The group is using virtual private servers (VPS) located in the US to try to hide its true location. At least 30,000 organizations are already thought to have been attacked in the US, but the number may be much larger globally, giving the hackers remote control over victims’ systems.

We fully echo the recommendations from Microsoft and others. At this time, anyone with an Exchange server needs to take investigative steps to check for signs of compromise. In our most recent check of Shodan, there are still around 63,000 exposed servers vulnerable to these exploits. Applying the available patches should be a top priority, or disconnect any vulnerable servers you may be running if you can’t patch immediately.

In addition, existing XDR customers can use pre-built queries in Trend Micro Vision One to search for signs of the attack in their environment. These queries can be found in our Knowledge Base article, along with details on the added detections and protections that customers can leverage across all security solutions.
