Skip to content
Auto-CTI
Back to all actors

HAFNIUM

Nation-state Espionage China Historical

Aliases: Silk Typhoon

Also seen as: Hafnium

Mentions
4
First seen
03 Nov 2021
Last seen
30 Sept 2022

Relevant to you ยท Affects your stack

Technology:
Microsoft Windows Server 2022Microsoft Remote Desktop Gateway
Threat focus:
espionage / apt
Sector / region:
Manufacturing

Origin

China โ€” Chinese state-linked

Profile

HAFNIUM is a state-sponsored threat actor group that recently exploited multiple critical vulnerabilities in Microsoft Exchange Server, including CVE-2022-41082, CVE-2021-26858, CVE-2021-27065, and CVE-2021-26857. These vulnerabilities allowed remote code execution and were used in targeted attacks.

Affected vendors

Microsoft

How they operate (MITRE tactics)

Recommended mitigations

Derived from MITRE ATT&CK, mapped to this actor's techniques.

Linked CVEs

Related actors

Share a CVE, technique or malware with this actor.

Activity (8 weeks)

22
23
24
25
26
27
28
29

Recent activity

ESC

โ€ฆ