Microsoft has released an updated
script that scans Exchange log files for indicators of compromise (IOCs)
associated with the vulnerabilities
disclosed on March 2, 2021.
CERT Bulgaria is aware of widespread domestic and
international exploitation of these vulnerabilities and strongly recommends
organizations run the Test-ProxyLogon.ps1
script—as soon as possible—to help determine whether their systems are
compromised. For additional information on the script, see Microsoft’s blog HAFNIUM
targeting Exchange Servers with 0-day exploits.
For more information about these vulnerabilities and how to
defend against their exploitation, see: