Cisco Talos has seen shifts in tactics, techniques, and procedures associated with this activity. The majority of the activity continues to follow the guidance provided by Microsoft. Financial services have been disproportionately affected by exploitation. As more actors move into the space, it’s likely going to get worse. We encourage everyone to patch as soon as possible. As time passes, the amount of groups exploiting these vulnerabilities is only going to increase. We have also identified organizations that may be involved in post-exploitation activity.”]
Source: https://blog.talosintelligence.com/2021/03/hafnium-update.html