Categories: SecurityWorkspace

European Banking Authority Compromised By Exchange Hackers

The European Banking Authority (EBA) said it temporarily disabled its email systems after discovering they had been hacked as part of an ongoing campaign targeting Microsoft Exchange servers worldwide.

The agency said it has launched a “full investigation”.

“The EBA is working to identify what, if any, data was accessed. Where appropriate, the EBA will provide information on measures that data subjects might take to mitigate possible adverse effects,” the EBA said in a statement.

It added in a later update that so far it had found no signs that sensitive data had been stolen.

M2M: The Future of Cybersecurity

Ongoing attacks

“At this stage, the EBA email infrastructure has been secured and our analyses suggest that no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers,” the EBA said.

The Microsoft Exchange attacks make use of multiple previously unknown security flaws that Microsoft patched last week.

The company said the flaws were initially exploited covertly by a Chinese state-backed group it calls Hafnium. China has said it is not involved.

But after the flaws became more widely known, other attackers have swiftly made use of them over the past few days to carry out wide-ranging hacks on organisations that have not yet patched their Exchange servers.

‘Active threat’

Microsoft said in an update to its original security advisory that it was seeing “increased use” of the vulnerabilities by “multiple malicious actors beyond Hafnium”.

There are now an estimated 60,000 known successful compromises around the world, Bloomberg reported, citing an unnamed former US official involved in the investigation.

The White House said late last week the attacks remained an “active threat”, while the White House National Security Council urged organisations to take “immediate measures” to determine if they were targeted.

Computer security group Huntress said it had seen a range of medium-sized businesses hit by the attacks, including small hotels, an ice-cream company, a kitchen-appliance manufacturer and senior citizen communities.

Security firm Mandiant said it had seen US-based retailers, local governments, a university and an engineering firm affected.

Network exposure

The initial hacks by Hafnium focused on accessing information from the email servers themselves, while the more recent attacks have increasingly seen attackers using their Exchange access to penetrate into other parts of the network.

As a result, security officials are urging organisations to scan their networks for signs that they have been compromised.

Microsoft has updated its own Microsoft Safety Scanner (MSERT) to detect tools used in the attacks.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

BT Eagle-i Seeks To Predict, Prevent Cyberattacks

Proactive security approach. New security platform from BT Security, dubbed 'Eagle-i', seeks to predict and…

2 days ago

Apple Risks South Korean Clash After Investigation Warning

South Korean government official warns of possible investigation into Apple's compliance with new App Store…

2 days ago

Moscow Metro Facial Recognition System For Speedy Payments

Privacy concern. Moscow's Metro system has launched 'Face Pay', a mass facial recognition system for…

2 days ago

US Army Delays $22 Billion Microsoft Augmented Reality Headsets

United States Army pushes back deployment date of Microsoft's augmented reality headsets, but insists it…

3 days ago

TSMC Confirms Chip Plant For Japan

Taiwanese chip giant TSMC confirms it will build a chip factory in Japan, that will…

3 days ago

GitLab Raises $800m In Successful Initial Public Offering

After a successful public debut that raised hundreds of millions of dollars, coding platform GitLab…

3 days ago