The Chinese state-sponsored group dubbed Hafnium ramped up and automated its campaign after the patch was released. In the US, the group infiltrated at least 30,000 organizations using Exchange to process email, including police departments, hospitals, local governments, banks, credit unions, non—profits and telecommunications providers.
Worldwide, the number of victims is reportedly in the hundreds of thousands. A former national security official Wired talked to said thousands of servers are getting compromised per hour around the world.
When Microsoft announced its emergency patch, it credited security firm Volexity for notifying it about Hafnium’s activities. Volexity president Steven Adair now said that even organizations that patched their servers on the day Microsoft’s security update was released may have still been compromised.