March 6, 2021

Statement on Microsoft Exchange Server Vulnerabilities

The FBI is aware of Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software, attributed to the APT actor known by Microsoft as HAFNIUM. The FBI is working closely with our interagency and private sector partners to understand the scope of the threat. Network owners should immediately patch their systems.

Help us respond to victims and hold those responsible accountable. If your Exchange Server from Microsoft has been compromised, please contact your local FBI field office.