Chinese cyber espionage group

Hafnium (sometimes styled HAFNIUM; also called Silk Typhoon by Microsoft) is a cyber espionage group, sometimes known as an advanced persistent threat, with alleged ties to the Chinese government. Hafnium is closely connected to APT40.

2021 Microsoft Exchange Server data breach

Main article: 2021 Microsoft Exchange Server data breach

Microsoft named Hafnium as the group responsible for the 2021 Microsoft Exchange Server data breach, and alleged they were "state-sponsored and operating out of China". According to Microsoft, they are based in China but primarily use United States-based virtual private servers, and have targeted "infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs".

In July 2021, UK foreign secretary Dominic Raab said the attack had been performed by "Chinese state-backed groups" linked to the Ministry of State Security (MSS). The Chinese government has denied responsibility for the 2021 Microsoft breach.

The name "Hafnium" was assigned to the group by Microsoft, which publicly disclosed the group's activity on March 2, 2021. Microsoft described the group as "highly skilled and sophisticated". Hafnium is closely connected to APT40.

2022 Tarrask Malware

Hafnium was linked to the creation of Tarrask, a defense evasion malware used on previous attacks. The malware was used on telecommunications, Internet service providers, and data service companies from August 2021 to February 2022. The malware uses scheduled task abuse to hide payloads delivered to servers.

Capabilities

In March 2021, it was reported the group had access to the China Chopper web shell, which it has used in the 2021 Microsoft Exchange Server data breach to control hacked servers.

See also

Cyberwarfare by China
Red Apollo

References

1. "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
2. "Microsoft accuses China over email cyber-attacks". BBC News. 3 March 2021. Archived from the original on 22 July 2021. Retrieved 10 March 2021.
3. Kevin, Collier (9 March 2021). "'Really messy': Why the hack of Microsoft's email system is getting worse". NBC News. Archived from the original on 22 July 2021. Retrieved 10 March 2021.
4. "HAFNIUM targeting Exchange Servers with 0-day exploits". Microsoft Security. Microsoft. 2 March 2021. Archived from the original on 24 July 2021. Retrieved 10 March 2021.
5. Mackie, Kurt (19 July 2021). "White House Says China's APT40 Responsible for Exchange Hacks, Ransomware Attacks -- Redmondmag.com". Redmondmag. Archived from the original on 17 May 2022. Retrieved 24 April 2022.
6. Burt, Tom (2 March 2021). "New nation-state cyberattacks". Microsoft On the Issues. Microsoft. Archived from the original on 2 March 2021. Retrieved 10 March 2021.
7. "'Hack everybody you can': What to know about the massive Microsoft Exchange breach". www.cbsnews.com. Archived from the original on 15 March 2021. Retrieved 15 March 2021.
8. "China accused of cyber-attack on Microsoft Exchange servers". BBC. 19 July 2021. Archived from the original on 19 July 2021. Retrieved 19 July 2021.
9. Greenberg, Andy (5 March 2021). "Chinese Hacking Spree Hit an 'Astronomical' Number of Victims". Wired. ISSN 1059-1028. Archived from the original on 26 May 2021. Retrieved 10 March 2021.
10. "New nation-state cyberattacks". Microsoft On the Issues. 2 March 2021. Archived from the original on 2 March 2021. Retrieved 15 March 2021.
11. "'Active threat': Chinese hackers target 30,000 US entities". www.aljazeera.com. Archived from the original on 15 March 2021. Retrieved 15 March 2021.
12. "Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers". The Hacker News. Archived from the original on 17 April 2022. Retrieved 17 April 2022.
13. Osborne, Charlie. "Hafnium's China Chopper: a 'slick' and tiny web shell for creating server backdoors". ZDNet. Archived from the original on 15 March 2021. Retrieved 15 March 2021.
14. "Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix". threatpost.com. 16 March 2021. Archived from the original on 16 March 2021. Retrieved 16 March 2021.

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.