News 16th March 2021
On March 2nd, zero-day vulnerabilities affecting on-premises versions of Microsoft Exchange Server 2013, 2016, and 2019 were publicly disclosed. These vulnerabilities are being actively exploited in the wild by Hafnium and other threat actors.
Sophos strongly recommends you take this threat seriously and act immediately, if you have not already done so. Whether that is educating your customers using the links below, or taking action if you manage their infrastructure. Sophos is regularly updating the Hafnium articles with the latest information and detections.
At a minimum you should:
The Sophos Managed Threat Response (MTR) team has published detailed guidance on how to respond to Hafnium. If you need expert assistance to determine exposure or remediate the situation, there are services available to help:
Managed Threat Response (MTR) – a managed security service that can perform threat hunting to identify adversarial activity in your environment and neutralize the situation
Rapid Response (RR) – If you have identified an active attack in your environment and need immediate assistance to neutralize the attack, this service is available