Busted by XDR: Detecting Microsoft Exchange Post-Exploit Activity in February
On March 2, Microsoft released security updates to mitigate four critical zero-day Microsoft Exchange Server vulnerabilities that were being actively exploited by a threat group Microsoft calls HAFNIUM. Since the initial attacks, Unit 42 and a number of other threat intelligence teams have observed multiple threat actors exploiting these zero-day vulnerabilities in the wild.
Shortly after the public disclosure, we published a Threat Assessment and a threat hunting blog post...