cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Dayananda
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 11 of 18

Re: HAFNIUM targeting Exchange Servers with 0-day exploits

Hello,

 

Mcafee has released an article to keep customers informed about the coverage. Please refer to the below link and subscribe to it so that if there are any updates you will be informed.

McAfee coverage for Exchange Servers targeted with zero-day exploits by the HAFNIUM Threat Group
Technical Articles ID: KB94270
https://kc.mcafee.com/corporate/index?page=content&id=KB94270

I hope this helps, let us know if you have any queries.

 

Regards,
Daya
galih27
Level 9
Report Inappropriate Content
Message 12 of 18

Re: HAFNIUM targeting Exchange Servers with 0-day exploits

okay i am waiting for the information that ens can cover HAFNIUM

Re: HAFNIUM targeting Exchange Servers with 0-day exploits

Thank you for the reply.

While waiting, can we get any data from the Active Response module  queries based on the attachment below? 

We have deployed the active response in order to do some forensic work. 

MS has deployed hunting queries (see attached) 

galih27
Level 9
Report Inappropriate Content
Message 14 of 18

Re: HAFNIUM targeting Exchange Servers with 0-day exploits

several antivirus vendors have issued their statements such as the results of analysis related to hafnium
I still don't get the right answer from mcafee regarding their product endpoint
Nielsb
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 15 of 18

Re: HAFNIUM targeting Exchange Servers with 0-day exploits

Update in KB94270

March 5, 2021Added Extra.DAT attachment.

McAfee Insights:
Campaign can be found by searching for: Exchange Servers targeted with zero-day exploits by the HAFNIUM Threat Group

galih27
Level 9
Report Inappropriate Content
Message 16 of 18

Re: HAFNIUM targeting Exchange Servers with 0-day exploits

is there any more updates from mcafee regarding this
web1b
Level 7
Report Inappropriate Content
Message 17 of 18

Re: HAFNIUM targeting Exchange Servers with 0-day exploits

Is the extra.dat file still needed?

At what point will this be covered through the normal DAT update process?

Is this covered in both VSE and ENS for Windows servers?

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 18 of 18

Re: HAFNIUM targeting Exchange Servers with 0-day exploits

HI @web1b ,

The ED contains coverage for a specific IOC that is now covered via regular DAT. ED is no more necessary unless we have further developments that we shall duly update to all of our Customers via the KB.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community