Sophos protection against HAFNIUM hacks for Microsoft Exchange

Four new zero-day vulnerabilities affecting Microsoft Exchange are being actively exploited in the wild by HAFNIUM. Sophos customers are protected against exploitation of these vulnerabilities.

Identifying signs of compromise?

Anyone running on-premises Exchange Servers (roughly 2300 servers in Belgium) should patch them without delay and search their networks for indicators of attack. The Sophos MTR team has published a step-by-step guide on how to search your network for signs of compromise.

What to do?

  1. Patch or disable
  2. Determine possible exposure
  3. Look for web shells or other suspicious .aspx files
  4. Query with Sophos EDR
  5. Establish impact

Protecting Sophos customers from HAFNIUM:

Sophos Intercept X Advanced, XG Firewall and other Sophos network and server security customers benefit from multiple protections against the exploitation of the new vulnerabilities. More information is available in the blog post from CERT.be (the Belgian Federal Cyber Emergency Team).

Still concerned about HAFNIUM? Contact Kappa Data today to ensure that any potential adversarial activity in your environment is identified and neutralized.
