Administrators who run on-premises Microsoft Exchange Server woke up on March 2 to a rude awakening. Starting on February 28 and possibly earlier, Exchange Servers were targeted in a widespread attack that relied on leveraging a zero-day server-side request forgery (SSRF) vulnerability. Microsoft has attributed the attack to Hafnium, a Chinese APT group, but consultants for small- to medium-sized businesses have found evidence of exploitation. Older versions of Exchange, while being out of support, are not vulnerable to this issue.”]
Source: https://www.csoonline.com/article/3610454/how-to-patch-exchange-server-for-the-hafnium-attack.html