Hafnium: What you need to know

We interrupt our March tax season posts with an important alert about HAFNIUM and what you need to know. The known vulnerabilities impact on-premises Microsoft Exchange servers.


HAFNIUM is the name being used for a group of cybercriminals based out of China. This group is exploiting recently identified vulnerabilities in on-premises Microsoft Exchange servers. Four vulnerabilities were identified that allow cybercriminals to take control of affected systems. To learn more about the timeline of events, cybersecurity researcher Brian Krebs from Krebs on Security breaks it down for us here.

What has Microsoft done?

Once alerted, Microsoft began investigating these vulnerabilities and released updates. The updates cover Microsoft Exchange Server 2013 through 2019, and Microsoft also released an update for Exchange Server 2010, which is no longer supported. For a live blog from Microsoft, check out this here.

Although the updates patch the vulnerabilities for those who deploy these Exchange servers on-premises, the cybercriminal group was prepared and installed web shells on impacted servers prior to the patches. These web shells serve as a backdoor into your servers even if they have been updated.

What can your small business do?

For small businesses that use a managed service provider, it is important to reach out to them and verify whether you use on-premises Microsoft Exchange servers. If you do, your managed service provider will need to activate your incident response protocols and remediate as necessary.

For small businesses that do not use a managed service provider, you will need to decide whether your small business has the expertise to handle this internally. If it does, here is an alert from CISA (Cybersecurity & Infrastructure Security Agency) that offers mitigation steps.

For more information on cybersecurity check out Small Business, Big Threat!