Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server. The tech giant attributed the campaign exploiting these flaws, primarily and with high confidence, to a threat actor it calls HAFNIUM, a state-sponsored hacker collective operating out of China. Microsoft suspects other groups may also be involved in the attacks. The attack has three stages: first, gaining access to an Exchange Server, either with stolen passwords or by using previously undiscovered vulnerabilities; second, deploying a web shell to control the compromised server remotely; and third, using that remote access to plunder mailboxes from an organization’s network and export the collected data.
Source: https://thehackernews.com/2021/03/urgent-4-actively-exploited-0-day-flaws.html

