{ "id": "3c375961-a624-422e-8e85-080808af4052", "created_at": "2026-04-06T01:29:37.92348Z", "updated_at": "2026-04-10T03:35:48.363481Z", "deleted_at": null, "sha1_hash": "b54d420ff824024e4ec73b9ada2bc99be0d47d82", "title": "Insights - Truesec", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 49563, "plain_text": "Insights - Truesec\r\nPublished: 2026-03-31 · Archived: 2026-04-06 01:17:53 UTC\r\nTruesec\r\nWho We Are\r\nOur experts\r\nNewsroom\r\nBusiness Policy\r\nCareer\r\nCareer\r\nJob Openings\r\nKnowledge\r\nDownload 2026 Threat Report\r\nSign up for newsletter\r\nReports\r\nGuides\r\nContact us\r\nPhone:\r\nSweden: +46 8 10 00 10\r\nDenmark: +45 32 24 00 70\r\nE-mail:\r\nhello@truesec.com\r\nSweden\r\nHeadquarters Stockholm\r\nLuntmakargatan 18\r\n111 37 Stockholm\r\nhttps://blog.truesec.com/2021/03/07/exchange-zero-day-proxylogon-and-hafnium/\r\nPage 1 of 3\n\nMalmö\r\nTorggatan 4\r\nSeventh floor\r\n211 40 Malmö\r\nFinland\r\nTruesec Oy\r\nKeilaniementie 1\r\n02150 Espoo\r\nDenmark\r\nHeadquarters Copenhagen\r\nGlentevej 69, 1.\r\n2400 Copenhagen\r\nAarhus\r\nTruesec A/S\r\nÅbogade 13-15\r\n8200 Aarhus N\r\nGermany\r\nTruesec GmbH\r\nRosenheimer Str. 143c\r\n81671 München\r\nFollow us\r\nFacebook\r\nX\r\nLinkedIn\r\nYouTube\r\nTruesec Group’s Web Privacy Notice\r\nCancellation Policy for Events\r\nReporting Misconduct\r\nPenetration Test\r\nActive Directory Tiering\r\nEndpoint Detection and Response (EDR)\r\nSIEM\r\n© Truesec\r\nhttps://blog.truesec.com/2021/03/07/exchange-zero-day-proxylogon-and-hafnium/\r\nPage 2 of 3\n\nSource: https://blog.truesec.com/2021/03/07/exchange-zero-day-proxylogon-and-hafnium/\r\nhttps://blog.truesec.com/2021/03/07/exchange-zero-day-proxylogon-and-hafnium/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://blog.truesec.com/2021/03/07/exchange-zero-day-proxylogon-and-hafnium/" ], "report_names": [ "exchange-zero-day-proxylogon-and-hafnium" ], "threat_actors": [ { "id": "7c969685-459b-4c93-a788-74108eab6f47", "created_at": "2023-01-06T13:46:39.189751Z", "updated_at": "2026-04-10T02:00:03.241102Z", "deleted_at": null, "main_name": "HAFNIUM", "aliases": [ "Red Dev 13", "Silk Typhoon", "MURKY PANDA", "ATK233", "G0125", "Operation Exchange Marauder" ], "source_name": "MISPGALAXY:HAFNIUM", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "2704d770-43b4-4bc4-8a5a-05df87416848", "created_at": "2022-10-25T15:50:23.306305Z", "updated_at": "2026-04-10T02:00:05.296581Z", "deleted_at": null, "main_name": "HAFNIUM", "aliases": [ "HAFNIUM", "Operation Exchange Marauder", "Silk Typhoon" ], "source_name": "MITRE:HAFNIUM", "tools": [ "Tarrask", "ASPXSpy", "Impacket", "PsExec", "China Chopper" ], "source_id": "MITRE", "reports": null }, { "id": "529c1ae9-4579-4245-86a6-20f4563a695d", "created_at": "2022-10-25T16:07:23.702006Z", "updated_at": "2026-04-10T02:00:04.71708Z", "deleted_at": null, "main_name": "Hafnium", "aliases": [ "G0125", "Murky Panda", "Red Dev 13", "Silk Typhoon" ], "source_name": "ETDA:Hafnium", "tools": [], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775438977, "ts_updated_at": 1775792148, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/b54d420ff824024e4ec73b9ada2bc99be0d47d82.pdf", "text": "https://archive.orkl.eu/b54d420ff824024e4ec73b9ada2bc99be0d47d82.txt", "img": "https://archive.orkl.eu/b54d420ff824024e4ec73b9ada2bc99be0d47d82.jpg" } }