In this blog post, our goal is to highlight how our Managed Threat Hunting team was able to detect these zero-day threats using Cortex XDR before the Microsoft Exchange vulnerabilities were publicly disclosed. Shortly after the public disclosure, we published a Threat Assessment and a threat hunting blog post explaining how to actively defend against these specific vulnerabilities. Since the initial attacks, Unit 42 and a number of other threat intelligence teams have observed multiple threat actors exploiting these zero-day vulnerabilities in the wild. On March 2, Microsoft released security updates to mitigate four critical zero-day Microsoft Exchange Server vulnerabilities that were actively exploited by a threat group they call HAFNIUM.
