Hafnium is a chemical element 🧪 but it is also a Chinese state-sponsored hacking group identified by the Microsoft Threat Intelligence Center 💻❌ So far, what do we know about it❓👇
Hafnium primarily targets a number of US firms across a range of industry sectors:
🎯Infectious disease researchers,
🎯Higher education institutions,
🎯Policy think tanks
While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States. So how does it do it❔
☠ It gains access to an Exchange Server either with stolen passwords or by using previously undiscovered vulnerabilities to disguise itself as someone who should have access.
☠ It creates what’s called a web shell to control the compromised server remotely.
☠ It uses that remote access – run from the U.S.-based private servers – to steal data from an organization’s network.
Microsoft has responded by releasing security updates that will protect customers running Exchange Server.
If you're interested in learning about other major hacking incidents, I've included a link in the comment to a previous post.