HC3 TLP Analyst Note: Microsoft Exchange Server Zero-Days Actively Exploited March 3, 2021

On March 2, 2021, Microsoft released emergency out-of-band security updates for four Microsoft Exchange zero-day vulnerabilities being actively exploited in targeted attacks. These flaws affect Microsoft Exchange Server versions 2013, 2016, and 2019. Exchange Online (O365) is not affected. Microsoft has labeled the group that is actively attacking vulnerable Exchange servers HAFNIUM who, according to them is Chinese state-sponsored and has a history of heavily targeting US organizations across industries, but most notably, infectious disease researchers. Other researchers have identified other threat actors, believed to be China-based, to be exploiting these vulnerabilities as well. View the entire report under key resources.

 

Key Resources

Related Resources

Letter/Comment
AHA Responds to CISA Proposed Rule on Cyber Incident Reporting Requirements
Public
Advisory
HHS Issues Alert on Critical Vulnerability in ‘MOVEit,’ File Transfer Platform Used by Health Care Sector
Public
Special Bulletin
AHA Helps Secure New Cybersecurity Resources from Microsoft and Google to Assist Rural Hospitals
Public
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part Two
Public
Special Bulletin
HHS Authorizes UnitedHealth Group to Make Breach Notifications on Behalf of Providers
Member
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part One
Public