Hafnium is a group of cyberattackers originating from China. The collective recently came into the spotlight due to Microsoft linking them to recent attacks exploiting four zero-day vulnerabilities -- CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 -- in Microsoft Exchange Server. Microsoft says that Hafnium tends to strike targets in the United States, focusing on industries including defense, research, law, and higher education. While believed to be based in China, the group uses leased virtual private servers (VPS) in the US. Due to the renewed interest in Hafnium, on Monday, Trustwave published an analysis of one of the group's tools, China Chopper, which is a web shell widely used for post-exploitation activities.