FamousSparrow began exploiting the vulnerabilities on March 3, 2021, the day after the fixes were released, indicating that it was yet another APT group that had access to details of the ProxyLogon vulnerability chain.
The threat actor, a Russian speaker, is taking advantage of Microsoft Exchange vulnerabilities to penetrate random networks. This threat has likely resulted in steep financial and data losses for companies.
Check Point Research (CPR) has observed a global surge in the number of ransomware attacks. In fact, since the beginning of 2021, there has been a 9% monthly increase in organizations affected by ransomware.
These vulnerabilities let adversaries access Exchange Servers and potentially gain long-term access to victims’ environments. While the Microsoft Threat Intelligence Center (MSTIC) attributes the initial campaign with high confidence to HAFNIUM.