The newly released detection rules for OpenText™ EnCase™ Endpoint Security CE 20.4 and CE 21.1 updates the product’s software detection rules with known indicators of compromise related to HAFNIUM. The OpenText™ Security Detection Engineering Team is closely monitoring the situation and developing tools to help customers mitigate potential risk from this cyberattack. Microsoft has declared that Exchange Online is not affected. Microsoft strongly urges customers to update on-premises systems immediately. These vulnerabilities are addressed in the following Microsoft Security Response Center (MSRC) releases – Multiple Security Updates Released for Exchange Server and Guidance for Responders: Investigating and Remediating on-premises Exchange Server vulnerabilities. In the attacks observed, the threat actor used these vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, to access on-premises Exchange servers which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.”
Microsoft commented: “In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments. On March 2, Microsoft announced that its on-premises Exchange Server had experienced multiple 0-day exploits.
0 kommentar(er)
