On 2nd March 2021 Microsoft reported that it has observed targeted attacks that take advantage of four zero-day vulnerabilities in Microsoft Exchange Servers to gain full access to all emails on the victim's system. The attacks began in January 2021 and grew in February. Tens of thousands of servers reportedly have been affected, and the attacks are continuing. A hacker group in China known as “Hafnium” is believed to be responsible for the attacks. “Hafnium” reportedly is sponsored by the Chinese government.
 
Detailed within, we look at what you should do to protect your practice including the Microsoft script which determines whether your practice is vulnerable to an attack, and questions you can ask your supply chain vendor.

Click on the link on the right hand side to download the full guidance.