From January to March, Microsoft Exchange Server was hit by a series of significant data breaches caused by the exploitation of four vulnerabilities in the software. These vulnerabilities were primarily exploited by a group named Hafnium, but numerous other threat actors quickly followed suit.

Affected vertical: Information Technology, but as many organizations use Exchange Server, the reach was cross-sector.

MITRE Tactics:

  • Initial Access (TA0001): The adversaries gained access to the network by exploiting vulnerabilities in the server software.
  • Execution (TA0002): Malicious code was executed on the server, providing unauthorized access.
  • Persistence (TA0003): By installing web shells, the attackers maintained access even after the initial vulnerabilities were patched.