This Wednesday we were informed that Microsoft had identified a serious and very sophisticated cyber-attack from a state-sponsored hacker organization from China named Hafnium.
The attack targets all current versions of Microsoft Exchange and exploits several, previously unknown shortcomings in Microsoft's software, so-called 0-day exploits.
For more information, see the following posts from Microsoft: https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/
In the observed attacks, Hafnium uses these vulnerabilities to access Exchange servers and e-mail accounts and allow the insertion of malicious code to enable long-term access to the affected server environment.
To fix these vulnerabilities Microsoft released a series of security updates and upon receiving these we immediately began the roll-out and we were able to conclude the installation on our final Exchange server at lunchtime Friday.
Later in the week, it became clear that Hafnium had succeeded in initiating attacks on hundreds of thousands of Exchange servers around the world, many before the publication of the security updates.
To facilitate the identification of affected Exchange servers, Microsoft created a toolset to allow their customers to be able to identify which servers have been attacked and whether data has been extracted.
Subsequently, we were able to establish that our Exchange servers have been targeted in the attack, but with no indications that any data has been extracted.
As part of our incident management process, and to be able to ensure the highest possible data integrity, we decided to engage independent cybersecurity experts Truesec to run an in-depth analysis of our servers.
After a thorough review of our Exchange servers, they have now been able to report that there is no indication of any malicious code on the servers nor of any data extraction.
Finally, I would like to assure you that we treat any such serious incident with due diligence and hence do everything possible, around the clock, in close cooperation with suppliers and independent experts, to ensure that you enjoy services with market-leading integrity and availability.