HAFNIUM targeting Exchange Servers FAQ: https://docs.microsoft.com/en-us/answers/questions/298536/faq-for-march-2021-exchange-server-security-update.html
The Exchange Server team has created a script to run a check for HAFNIUM IOCs to address performance and memory concerns. That script is available here: https://github.com/microsoft/CSS-Exchange/tree/main/Security.
The recommendation is to rebuild the Exchange server if you are seeing indicators of compromise.
Great reading on lateral movement and crypto spread: https://blueteamblog.com/microsoft-exchange-zero-days-mitigations-and-detections
The team at Huntress Labs has a very good write-up worth reading: https://support.huntress.io/article/315-0-day-exploit-exchange-hafnium
Read over our Reddit Thread and Huntress Blog that gives our details on what to look for–we will continue updating them as we have more information.
Make absolutely 100% sure you have the latest Exchange Server updates. For Exchange 2013, 2016, 2019 refer to KB5000871 and for Exchange 2010 refer to KB5000978.