ITP Techblog

Brought to you by IT Professionals NZ
« Back to Home

'Hafnium' attacks spreading alarm worldwide

Paul Brislen, Editor. 08 March 2021, 5:00 am

The fallout from the latest Microsoft security flaw is intensifying with corporate users being warned they are at risk and could already be compromised.

System administrators are being warned to update all Microsoft systems with the patches that were released in early February as news comes in that tens of thousands of US systems are compromised and many more are at risk. The White House describes the situation as "an active threat" and blames China for exploiting the flaws, and the Department for Homeland Security has issued an emergency directive describing the "unacceptable risk" to US federal agencies.

"Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks," says Microsoft's security blog which has the latest on the situation.

Microsoft blames Chinese organisation Hafnium for the attacks, saying the group "primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs."

Hafnium has, according to Microsoft "previously compromised victims by exploiting vulnerabilities in internet-facing servers, and has used legitimate open-source frameworks, like Covenant, for command and control. Once they've gained access to a victim network, HAFNIUM typically exfiltrates data to file sharing sites like MEGA."

Meanwhile, in New Zealand, the CERT NZ cybersecurity response team has published an advisory on the attacks: "CERT NZ is aware that widespread exploitation activity has occurred as a result of these vulnerabilities. Patching should be carried out immediately."


You must be logged in in order to post comments. Log In

Web Development by The Logic Studio