Exchange attack Hafnium

Jendislav 96 Reputation points
2021-03-06T19:11:05.103+00:00

Hello, can anybody please tell me from this log whether my 2 servers have been compromised? Thank you.
Server log
CVE-2021-26855
"2021-03-03T07:52:03.579Z","ServerInfo~a]@Testta .domain.local:444/autodiscover/autodiscover.xml?#"
"2021-03-04T23:03:44.923Z","ServerInfo~akak]@Testta .domain.local:444/autodiscover/autodiscover.xml?#"
"2021-03-05T05:37:27.400Z","ServerInfo~akak]@Testta .domain.local:444/autodiscover/autodiscover.xml?#"
"2021-03-05T16:44:51.174Z","ServerInfo~a]@Testta .domain.local:444/autodiscover/autodiscover.xml?#"
"2021-03-05T16:44:54.680Z","ServerInfo~a]@Testta .domain.local:444/autodiscover/autodiscover.xml?#"
"2021-03-05T16:45:32.913Z","ServerInfo~a]@Testta /autodiscover/autodiscover.xml#"
"2021-03-06T14:55:28.198Z","ServerInfo~burpcollaborator.net/ecp/default.flt?"


2 answers

  1. Andy David - MVP 151.2K Reputation points MVP
    2021-03-06T19:17:06.39+00:00

    Probably. Consider opening a Microsoft support ticket or hiring a security consultant to investigate further:

    https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

    Personally, I would take all the Exchange Servers offline and rebuild them from scratch.


  2. Eric Yin-MSFT 4,386 Reputation points
    2021-03-08T02:58:52.417+00:00

    You could run the script here, and it will give you a result like the following if it's not affected:
    [Image: 75203-3.png]


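The two-column output quoted in the question (timestamp, AnchorMailbox value) can be condensed into a short timeline to attach to a support ticket or hand to a consultant. This is an added example, not part of the original thread or of Microsoft's script; the sample rows are constructed with placeholder host names, and `parse_hits`, `summarize` and `own_suffix` are hypothetical names.

```python
import csv
import io
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the two-column form quoted in the question
# (timestamp, AnchorMailbox). Host names are placeholders, not the poster's.
SAMPLE = '''\
"2021-03-03T07:52:03.579Z","ServerInfo~a]@exch01.corp.example:444/autodiscover/autodiscover.xml?#"
"2021-03-05T16:44:51.174Z","ServerInfo~a]@exch01.corp.example:444/autodiscover/autodiscover.xml?#"
"2021-03-05T16:45:32.913Z","ServerInfo~a]@exch01/autodiscover/autodiscover.xml#"
"2021-03-06T14:55:28.198Z","ServerInfo~callback.example.net/ecp/default.flt?"
"2021-03-06T15:01:10.000Z","user@corp.example"
'''

# Regex form of the wildcard ServerInfo~*/* : a target, then a path.
INDICATOR = re.compile(r"^ServerInfo~(?P<target>[^/]*)(?P<path>/[^?#]*)")

def parse_hits(text):
    """Return matching rows as dicts, oldest first; other rows are skipped."""
    hits = []
    for row in csv.reader(io.StringIO(text)):
        match = INDICATOR.match(row[1].strip()) if len(row) == 2 else None
        if match is None:
            continue
        # Assumption: the host is whatever follows the last '@', minus a port.
        host = match["target"].rsplit("@", 1)[-1].split(":")[0].strip().lower()
        when = datetime.strptime(row[0], "%Y-%m-%dT%H:%M:%S.%fZ")
        hits.append({"time": when, "host": host, "path": match["path"].lower()})
    return sorted(hits, key=lambda h: h["time"])

def summarize(hits, own_suffix):
    """Condense hits into first/last seen, daily counts, paths and foreign hosts."""
    def is_own(host):
        # Bare names and names under own_suffix are treated as the organisation's.
        return "." not in host or host.endswith(own_suffix)
    return {
        "count": len(hits),
        "first_seen": hits[0]["time"].isoformat() if hits else None,
        "last_seen": hits[-1]["time"].isoformat() if hits else None,
        "per_day": dict(Counter(h["time"].date().isoformat() for h in hits)),
        "paths": sorted({h["path"] for h in hits}),
        "foreign_hosts": sorted({h["host"] for h in hits if not is_own(h["host"])}),
    }

if __name__ == "__main__":
    print(summarize(parse_hits(SAMPLE), ".corp.example"))
```

The summary only condenses the matching rows; it does not replace the investigation the answers recommend.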

