RESOURCES
[R1] https://www.heise.de/news/Der-Hafnium-Exchange-Server-Hack-Anatomie-einer-Katastrophe-5077269.html
[R2] https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-197772-1132.pdf?__blob=publicationFile&v=21
[R3] https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
[R4] https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Vorfaelle/Exchange-Schwachstellen-2021/MSExchange_Schwachstelle_Detektion_Reaktion.pdf?__blob=publicationFile&v=3
[R5] https://www.boc.de/watchguard-info-portal/2021/03/exchange-server-hafnium-exploit/
[R6] https://niedersachsen.digital/hafnium-hack-ablauf-und-folgen/
[R7] https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA10H000000Xe1SSAS&lang=en_US
[R10] https://www.boc.de/watchguard-info-portal/2021/03/exchange-server-hafnium-exploit/
[R11]https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
[R12]https://www.csoonline.com/article/3616699/the-microsoft-exchange-server-hack-a-timeline.html
[R14] https://twitter.com/ArneSchoenbohm/status/1372203599657336836
[R15] https://www.netwitness.com/en-us/blog/2021-03/hafnium-attacks-microsoft-exchange-users
[R17] https://unit42.paloaltonetworks.com/microsoft-exchange-server-attack-timeline/
[*] The NCC Group has published a GitHub repository in which they provide the hash values of the files in the Exchange installation directories from the installation packages, which can be helpful as a comparison for searching for webshells: https://github.com/nccgroup/Cyber-Defence/tree/master/Intelligence/Exchange
Leave a Reply
You must be logged in to post a comment.