A one-stop shop for opinion, analysis, and/or coverage of the Microsoft Exchange Hafnium compromise. Coverage includes official statements and filings, accredited media coverage, industry analysis, and noteworthy blogs, digital media, and other mediums as deemed worthwhile.
Note: All links shared here have gone through the normal DevOps’ish editorial and curation process.
To add content for review, issue a pull request against this file in GitHub.
Official Statements
- Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 2, 2021 (KB5000871)
- Joint Cybersecurity Advisory Compromise of Microsoft Exchange Server
- CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities | CISA
- Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021 – Microsoft Security Response Center
- Multiple Security Updates Released for Exchange Server – updated March 12, 2021 – Microsoft Security Response Center
- “Patching and mitigation is not remediation if the servers have already been compromised. It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted.” —National Security Council Twitter
- Guidance on Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise | CISA
- CSS-Exchange/Security at main · microsoft/CSS-Exchange
- Background Press Call by Senior Administration Officials on the Administration’s Response to the Microsoft and SolarWinds Intrusions | The White House
Press
- No sign of Exchange-related ransomware hitting UK orgs, claims NCSC as it urges admins to scan for compromises • The Register
- Exchange servers first compromised by Chinese hackers hit with ransomware | Ars Technica
- Report: At least 10 hacking groups are exploiting Microsoft Exchange flaws | VentureBeat
- White House cites ‘active threat,’ urges action despite Microsoft patch | Reuters
- Microsoft Exchange server attacked by Hafnium, company says - CNN
- Biden administration expected to form task force to deal with Microsoft hack linked to China - CNNPolitics
- Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack | Ars Technica
- Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims | WIRED
- There’s a vexing mystery surrounding the 0-day attacks on Exchange servers | Ars Technica
- Critical 0-day that targeted security researchers gets a patch from Microsoft | Ars Technica
- White House task force met with private sector to discuss Microsoft software vulnerabilities | VentureBeat
- Microsoft Exchange Server hacks ‘doubling’ every two hours | ZDNet
- Exchange Server attacks: Microsoft shares intelligence on post-compromise activities | ZDNet
- AP sources: SolarWinds hack got emails of top DHS officials
Industry
- Hackers dropping DearCry ransomware using Exchange Server exploit
- Microsoft Exchange hack, larger than originally believed, prompts emergency task force - SiliconANGLE
- Microsoft was warned months ago — now, the Hafnium hack has grown to gigantic proportions - The Verge
- US National Security Council urges review of Exchange Servers in wake of Hafnium attack • The Register
- The Microsoft Exchange Server mega-hack – what you need to know – HOTforSecurity
- More hacking groups join Microsoft Exchange attack frenzy
Blogs, Newsletters, Digital Media, etc.
- Researchers warn of a surge in cyber attacks against Microsoft Exchange | Security Affairs
- Microsoft Exchange Server Attack Escalation Prompts Patching Panic
- Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs | Security Affairs
- Microsoft releases one-click Exchange On-Premises Mitigation Tool
- 92% of all on-premises Microsoft Exchange servers exposed online affected by the ProxyLogon vulnerabilities are now patched