Exchange attack Hafnium

Jendislav 96 Reputation points

Hello, please can anybody tell me by this log, if my 2 servers had been compromised please? Thank you.
Server log
"2021-03-03T07:52:03.579Z","ServerInfo~a]@Testta .domain.local:444/autodiscover/autodiscover.xml?#"
"2021-03-04T23:03:44.923Z","ServerInfo~akak]@Testta .domain.local:444/autodiscover/autodiscover.xml?#"
"2021-03-05T05:37:27.400Z","ServerInfo~akak]@Testta .domain.local:444/autodiscover/autodiscover.xml?#"
"2021-03-05T16:44:51.174Z","ServerInfo~a]@Testta .domain.local:444/autodiscover/autodiscover.xml?#"
"2021-03-05T16:44:54.680Z","ServerInfo~a]@Testta .domain.local:444/autodiscover/autodiscover.xml?#"
"2021-03-05T16:45:32.913Z","ServerInfo~a]@Testta /autodiscover/autodiscover.xml#"

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,485 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Andy David - MVP 145K Reputation points MVP

    Probably. Consider opening a Microsoft support ticket or hiring a security consultant to investigate further:

    Personally, I would take all the Exchange Servers offline and rebuild them from scratch.

  2. Eric Yin-MSFT 4,386 Reputation points

    You could run the script here and it will give you the result like following if it's not affected:

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.