Targeting of organizations via Microsoft Exchange Server vulnerability

Date of report

March 2021

Affiliations

Hafnium

The Chinese threat actor Hafnium exploited vulnerabilities in the Microsoft Exchange Server to access the emails of hundreds of thousands of entities across the globe.

Suspected victims

Various industry sectors, including state and local governments, universities, defense contractors, law firms, medical researchers, think tanks, and others

Suspected state sponsor

China

Type of incident

Espionage

Target category

Civil society
Private sector
Government

Suspected state sponsor response

Denial

HAFNIUM targeting Exchange Servers with 0-day exploits
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events