HAFNIUM
MISPUnknown
CN
Unknown
HAFNIUM primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics, and procedures. HAFNIUM has previously compromised victims by exploiting vulnerabilities in internet-facing servers, and has used legitimate open-source frameworks, like Covenant, for command and control. Once they have gained access to a victim network, HAFNIUM typically exfiltrates data to file sharing sites like MEGA.

In campaigns unrelated to these vulnerabilities, Microsoft has observed HAFNIUM interacting with victim Office 365 tenants. While they are often unsuccessful in compromising customer accounts, this reconnaissance activity helps the adversary identify more details about their targets' environments. HAFNIUM operates primarily from leased virtual private servers (VPS) in the United States.
Techniques Used (44)
| ID | ATT&CK Technique | Tactics |
|---|---|---|
| T1003.001 | LSASS Memory | - |
| T1003.003 | NTDS | - |
| T1005 | Data from Local System | - |
| T1016 | System Network Configuration Discovery | - |
| T1016.001 | Internet Connection Discovery | - |
| T1018 | Remote System Discovery | - |
| T1033 | System Owner/User Discovery | - |
| T1057 | Process Discovery | - |
| T1059.001 | PowerShell | - |
| T1059.003 | Windows Command Shell | - |
| T1068 | Exploitation for Privilege Escalation | - |
| T1070.001 | Clear Windows Event Logs | - |
| T1071.001 | Web Protocols | - |
| T1078.003 | Local Accounts | - |
| T1078.004 | Cloud Accounts | - |
References (10)
- attack.mitre.org - G0125
- microsoft.com - Hafnium Targeting Exchange Servers
- volexity.com - Active Exploitation Of Microsoft Exchange Zero Day Vulnerabilities
- splunk.com - Detecting Hafnium Exchange Server Zero Day Activity In Splunk
- reddit.com - Mass Exploitation Of Onprem Exchange Servers
- blog.rapid7.com - Rapid7's InsightIDR Enables Detection And Response To Microsoft Exchange 0-Day
- twitter.com - 1366862946488451088
- fireeye.com - Detection Response To Exploitation Of Microsoft Exchange Zero Day Vulnerabilities
- us-cert.cisa.gov - Aa21 062a
- discuss.elastic.co - 266289
Metadata
| Field | Value |
|---|---|
| ID | 304 |
| Created | 13/01/2026 17:48 |
| Updated | 07/03/2026 04:00 |