Microsoft released patches for 0-day exploits last week, but looks like hackers may have heard about the release of the patch. And so hackers began mass scans the week before. Even though you patched your server last week, you may have been compromised. The first thing you should do is backup all your Exchange Server's data and store the backup off-line. Then check if you have been PWNED via Check My OWA.
Here's some detailed articles:
HAFNIUM targeting Exchange Servers with 0-day exploits
Krebs has excellent coverage:
Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails
Comments