Another day, another state-sponsored threat. SolarWinds was the most recent menace, but HAFNIUM is the latest hazard companies are experiencing. Are you one of its victims?

What is HAFNIUM and Should I Be Concerned?

HAFNIUM, a nation-state group sponsored by China, has been discovered making limited, targeted, zero-day exploits to on-premises Microsoft Exchange Servers (not Exchange Online).

The goal of the attacks is to access email accounts, steal the full contents of those accounts, and install malware. The malware then allows long-term access to the victim's environment and exploits vulnerabilities to compromise that network. The threat allows remote code execution (RCE), which means HAFNIUM can (and will) dump credentials, add user accounts, move laterally through systems to exfiltrate data, and create backdoors.

According to Microsoft, HAFNIUM targets United States-based infectious disease centers, law firms, higher education institutions, defense contractors, policy think tanks, and non-governmental organizations (NGOs).

It's worth noting that the HAFNIUM attacks are not related to the SolarWinds attacks seen in previous months.

What to Do if HAFNIUM Attacked Your Microsoft Exchange Server

If you’re currently operating on-premises Microsoft Exchange Servers, patching is critical. Microsoft has released security updates that will limit vulnerabilities and targeted attacks.

If you can’t patch immediately (and even if you can), disable external access to your Microsoft Exchange Servers. Nothing should be accessible externally; if an employee needs to access something while outside the network, they should log into the VPN.

Check the accounts that have access to your server and make sure those passwords are updated right now (even if they were updated recently). And even though it's possible for HAFNIUM to bypass two-factor authentication, it's still prudent to have it enabled.

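One way to track the password-rotation step above, as an added example that is not part of the original post or Agio's tooling: the script below reports every member of the privileged Active Directory and Exchange role groups whose password was last set before your response began, so you can see which accounts still need rotating. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, that it runs with read access to the domain, and that the group names and the `$ResponseStart` date are adjusted for your environment.

```powershell
# Added example (not from the original post): list privileged accounts whose
# password has not been reset since the incident response started.
# Assumptions: ActiveDirectory module available; group names and $ResponseStart
# are placeholders to adjust for your environment.

Import-Module ActiveDirectory

# Groups that hold rights on Exchange and the domain (assumed names).
$PrivilegedGroups = @(
    'Domain Admins',
    'Organization Management',   # Exchange's top-level admin role group
    'Exchange Servers'
)

# Any password set before this point is treated as not yet rotated.
# Assumption: rotation began at the start of today; set this to your real start time.
$ResponseStart = (Get-Date).Date

$Report = foreach ($Group in $PrivilegedGroups) {
    # -Recursive expands nested groups so indirectly privileged users are included.
    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties PasswordLastSet, Enabled, LastLogonDate, whenCreated |
        ForEach-Object {
            [PSCustomObject]@{
                Group           = $Group
                SamAccountName  = $_.SamAccountName
                Enabled         = $_.Enabled
                Created         = $_.whenCreated
                PasswordLastSet = $_.PasswordLastSet
                LastLogonDate   = $_.LastLogonDate
                # A null PasswordLastSet means "must change at next logon" or never set;
                # treat it as needing attention as well.
                NeedsRotation   = ($null -eq $_.PasswordLastSet) -or ($_.PasswordLastSet -lt $ResponseStart)
            }
        }
}

# Full listing, one row per account even if it is in several groups.
$All = $Report | Sort-Object SamAccountName -Unique

Write-Host "Privileged accounts still needing rotation:"
$All | Where-Object { $_.NeedsRotation } | Format-Table -AutoSize

Write-Host "Privileged accounts created since the response started (review each one):"
$All | Where-Object { $_.Created -ge $ResponseStart } | Format-Table -AutoSize
```

Run it before you start rotating and again afterwards; the first table should empty out. The second table, and the full listing, are worth a manual read as well: the post notes that HAFNIUM adds user accounts, so any privileged account you do not recognize deserves investigation regardless of its password age.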
Agio’s Extended Detection and Response Solution Protects You

Our Extended Detection and Response (XDR) team protects your endpoints: if anything tries to execute, we'll head it off at the pass. Any bad things that go bump in the night are quarantined and prevented from executing, and we'll notify you immediately because that's what partners do.

Agio is committed to tracking bad actors and increasingly sophisticated attacks. We vigilantly monitor indicators of compromise (IOCs) and remediate attacks to ensure you and your data are safe.

Need Help?

Agio’s XDR services offer unified threat management, incident response, EDR, email threat detection, and phishing protection. When you rely on Agio’s expertise and experience, you can rest assured we have your back—with threats like HAFNIUM and beyond.

We bring everything together with what we call #OneAgio. Our teams have symbiotic relationships, so we deliver more than just service. We deliver a client experience that reaffirms “we’ve got you covered.” Whether it’s your cyber consultant with your vCISO program or your XDR team or your managed IT team, we’re monitoring it all.

If you don’t have a complete XDR suite, contact us now to protect your data. You’ll be relieved you have a partner who has the talent to respond immediately.