Microsoft has released a script that admins can use to check whether the ProxyLogon vulnerabilities have hacked a Microsoft Exchange server. Microsoft released out-of-band emergency security updates to fix four zero-day vulnerabilities actively used in attacks against Microsoft Exchange. The attacks have been attributed to a China state-sponsored hacking group known as HAFNIUM. The US Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends that all organizations utilize this script to check if their servers have been compromised.
Source: https://www.bleepingcomputer.com/news/microsoft/this-new-microsoft-tool-checks-exchange-servers-for-proxylogon-hacks/