Emerging Threats
Actor · 2021
HAFNIUM
2 Rules
6 References
1 Folders
2023-03-09 Latest
Summary
HAFNIUM is tracked here as a threat actor, intrusion set, or campaign with 2 Sigma detections spanning 2021. Coverage centers on webserver, windows / process_creation.
Related Detections
Emerging Threat · critical · test
HAFNIUM Exchange Exploitation Activity
Detects activity observed by different researchers to be HAFNIUM group activity (or related) on Exchange servers
Windows · Process Creation
TA0004 · Privilege Escalation, TA0002 · Execution, TA0003 · Persistence, T1546 · Event Triggered Execution, +3
Florian Roth (Nextron Systems) · Tue Mar 09 2021
Emerging Threat · high · test
Exchange Exploitation Used by HAFNIUM
Detects exploitation attempts in Exchange server logs as described in blog posts reporting on HAFNIUM group activity
Web Server Log
TA0001 · Initial Access, T1190 · Exploit Public-Facing Application, G0125 · HAFNIUM, detection.emerging-threats
Florian Roth (Nextron Systems) · Wed Mar 03 2021
References