Hafnium was an attacker group that exploited a zero-day to gain access to Microsoft Exchange servers, primarily in the USA. The exploit itself has since been dubbed the Hafnium Exploit. Essentially, the attackers discovered that they could modify a settings file in the offline address book feature on Exchange servers and plant a web shell there, which let them run code remotely on the system.
In this conversation, Candoris End User Compute Architect Mike Shellenberger and Candoris Director of Engineering Nick Pier discuss the following questions and offer actionable to-dos:
- What happened with the Hafnium Exploit?
- Where are things at now?
- How can people tell if they’ve been compromised?
- What should people do now if they didn’t patch?
- How exactly can organizations prepare themselves for something like this in the future?