Mandiant: MS Exchange bugs first exploited in January Analysis from technical teams at FireEye’s Mandiant tracked activity exploiting newly disclosed vulnerabilities in Microsoft Exchange Server more than a month ago Share this item with your network: By Published: 05 Mar 2021 15:00 Malicious actors were abusing four vulnerabilities disclosed this week in on-premise instances of Microsoft Exchange Server as far back as January 2021, according to a new report produced by FireEye Mandiant researchers Matt Bromiley, Chris DiGiamo, Andrew Thompson and Robert Wallace. Disclosed earlier this week alongside an out-of-sequence patch, exploitation of the four vulnerabilities, one rated critical and three medium, was linked by Microsoft to a Chinese advanced persistent threat (APT) group known as Hafnium, although there is already bountiful evidence to suggest exploitation of the CVEs goes far beyond one group.