Skip Navigation
BlackBerry ThreatVector Blog

BlackBerry Executive Roundtable: Lessons Learned From the HAFNIUM Attack

On March 2nd, the Microsoft® Security Response Center (MSRC) issued a security advisory announcing four Exchange Server vulnerabilities being actively exploited by the threat group known as HAFNIUM. Within five minutes of the news going public, cybercriminals began intensively scanning the web for servers to exploit.

In the week that followed, tens of thousands of cloud-facing Microsoft Exchange servers were compromised. On April 13th, a scant six weeks later, Microsoft disclosed four additional Exchange Server vulnerabilities and released security updates for the affected systems.

These events in no way reflect poorly on Microsoft. The company has shown admirable speed and transparency in disclosing and patching vulnerabilities. No company, especially one that produces millions of lines of code each year, can ensure that every line will be bulletproof. Clever adversaries will always find a way in or a vulnerability to exploit.

BlackBerry Executive Roundtable: Mitigating HAFNIUM

Even today, however, many organizations are still unsure if they were victimized by HAFNIUM, whether their remediation efforts were successful, and what they can do to avoid similar attacks in the future. BlackBerry addresses these concerns and more in an on-demand roundtable discussion featuring Nigel Thompson, VP of Product Marketing, Rich Thompson, VP of Solutions Strategy, and Tony Lee, VP of Global Services Technical Operations.

Topics include:

  • The vulnerabilities, exploits, and tactics, techniques, and procedures (TTPs) utilized by HAFNIUM and its copycats to compromise Microsoft Exchange Servers.
  • Best practices for prevention, detection, response, and remediation of HAFNIUM attacks and others like it.
  • The difference between “assume breach” and “assume vulnerability” and the implications for effective cyber defense.
  • How BlackBerry cybersecurity software and professional services solutions help customers mitigate HAFNIUM attacks and enhance their cyber resilience.

Don’t miss this essential security briefing.

Watch now!

Hacking Exposed Webinar: Inside the Microsoft Exchange/Proxy Logon Hack

We also invite you to learn more about the HAFNIUM attacks by viewing a related special two-part, on-demand Hacking Exposed presentation by Brian Robison, BlackBerry Chief Evangelist and Senior Director of Product Marketing.

In Part One, Brian deconstructs:

  • The four Exchange Server vulnerabilities exploited by HAFNIUM.
  • The scripts and commands used by HAFNIUM for each step of the attack chain.
  • Common post-exploitation strategies by HAFNIUM and other advanced threat groups.

In Part Two, Brian moves into the lab to demonstrate two different ways to exploit these vulnerabilities.

Don’t miss this essential Hacking Exposed security briefing!

Watch now! 

About Corporate Communications