PRC state-sponsored intrusion set named by Microsoft for the January 2021 mass exploitation of on-prem Exchange Server via the ProxyLogon chain (CVE-2021-26855 / -26857 / -26858 / -27065). Hafnium op…
PRC-attributed intrusion set identified by Microsoft in July 2023 after it forged authentication tokens using a stolen Microsoft MSA consumer signing key, enabling access to the Exchange Online mailb…