F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Abed_AL-R's avatar
Abed_AL-R
Icon for Cirrostratus rankCirrostratus
Mar 04, 2021

hafnium attack | exchange iapp

Hi we're publishing the owa/outlook through f5 ltm and yesterday we received and update that new kind of attack is targeting exchange servers https://www.microsoft.com/security/blog/2021/03/02/...
iApps
LTM
security
boneyard's avatar
boneyard
Icon for MVP rankMVP
Mar 04, 2021

APM seems like the way to go, if you add authentication before traffic reaching the Exchange server you have a good protection.

 

it remains kinda unclear in which path the attacks focus, this website suggests one. but things move quickly probably.

 

https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/

 

boneyard's avatar
boneyard
Icon for MVP rankMVP
Mar 06, 2021

if you have ASM / AWAF this is useful to check:

 

https://devcentral.f5.com/s/articles/HAFNIUM-APT-Group-Exploiting-Microsoft-Exchange-Vulnerabilities

  • Abed_AL-R's avatar
    Abed_AL-R
    Icon for Cirrostratus rankCirrostratus
    Mar 06, 2021

    Thank you boneyard :) Great articles

    We do have the APM along with 2fa on the OWA

    we'll check also the ASM option

    I saw also that DevCentral published ASM template to have OWA in blocking mode from day one

    https://devcentral.f5.com/s/articles/new-asm-outlook-web-access-owa-2016-template-for-bigip-v13-29413