Related blog content
Patch now! Exchange servers attacked by Hafnium zero-days
Microsoft Exchange attacks cause panic as criminals go shell collecting
Backdoor.Hafnium is Malwarebytes' detection name for malicious web shells used in the ProxyLogon attacks instigated by the Hafnium group.
Backdoor.Hafnium is a detection name for web shells on Microsoft Exchange servers. A web shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application. Backdoor.Hafnium web shells were dropped by using the ProxyLogon vulnerability (CVE-2021-26855) as part of an APT attack to gather information about the organizations running the affected servers.