HAFNIUM (fbb66d6c-0faa-49cc-8aa3-2f9bd4e9c298)

HAFNIUM primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs. HAFNIUM has previously compromised victims by exploiting vulnerabilities in internet-facing servers, and has used legitimate open-source frameworks, like Covenant, for command and control. Once they’ve gained access to a victim network, HAFNIUM typically exfiltrates data to file sharing sites like MEGA. In campaigns unrelated to these vulnerabilities, Microsoft has observed HAFNIUM interacting with victim Office 365 tenants. While they are often unsuccessful in compromising customer accounts, this reconnaissance activity helps the adversary identify more details about their targets’ environments. HAFNIUM operates primarily from leased virtual private servers (VPS) in the United States.

Rows: 2
Loading extensions...
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, **[empty]**, **[nonempty]**, **rgx:**
Learn more
TableFilter v0.7.2
https://www.tablefilter.com/
©2015-2025 Max Guglielmi
Close
?
Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Microsoft Activity Group actor Threat Actor		Clear Microsoft Activity Group actor Threat Actor	Clear 1 2
HAFNIUM (4f05d6c1-3fc1-4567-91cd-dd4637cc38b5)	Threat Actor	HAFNIUM (fbb66d6c-0faa-49cc-8aa3-2f9bd4e9c298)	Microsoft Activity Group actor	1
Silk Typhoon (9728610a-17cb-5cac-9322-ef19ae296a29)	Microsoft Activity Group actor	HAFNIUM (4f05d6c1-3fc1-4567-91cd-dd4637cc38b5)	Threat Actor	2

HAFNIUM (fbb66d6c-0faa-49cc-8aa3-2f9bd4e9c298)

TableFilter v0.7.2