HAFNIUM

Actor Type	Nation State
Attributed to Nation	China
Directly Linked Intrusion Sets	Silk Typhoon

HAFNIUM is an intrusion set originally identified by Microsoft researchers. In March 2021, HAFNIUM were observed targeting Microsoft Exchange Servers at a global scale and exploiting multiple zero-day vulnerabilities.

The actor was subsequently renamed by Microsoft to Silk Typhoon.

Cyber Threat Graph Context

Explore how this Intrusion Set relates to the wider threat graph

HAFNIUM Threat Reports

Report

HAFNIUM targeting Exchange Servers with 0-day exploits

In March 2021 Microsoft detected multiple zero-day exploits being used as part of a widespread campaign by HAFNIUM / Silk Typhoon. This report ...

View Source

References

www.microsoft.com

https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

www.gov.uk

https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking