Categories: SecurityWorkspace

European Banking Authority Compromised By Exchange Hackers

The European Banking Authority (EBA) said it temporarily disabled its email systems after discovering they had been hacked as part of an ongoing campaign targeting Microsoft Exchange servers worldwide.

The agency said it has launched a “full investigation”.

“The EBA is working to identify what, if any, data was accessed. Where appropriate, the EBA will provide information on measures that data subjects might take to mitigate possible adverse effects,” the EBA said in a statement.

It added in a later update that so far it had found no signs that sensitive data had been stolen.

M2M: The Future of Cybersecurity

Ongoing attacks

“At this stage, the EBA email infrastructure has been secured and our analyses suggest that no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers,” the EBA said.

The Microsoft Exchange attacks make use of multiple previously unknown security flaws that Microsoft patched last week.

The company said the flaws were initially exploited covertly by a Chinese state-backed group it calls Hafnium. China has said it is not involved.

But after the flaws became more widely known, other attackers have swiftly made use of them over the past few days to carry out wide-ranging hacks on organisations that have not yet patched their Exchange servers.

‘Active threat’

Microsoft said in an update to its original security advisory that it was seeing “increased use” of the vulnerabilities by “multiple malicious actors beyond Hafnium”.

There are now an estimated 60,000 known successful compromises around the world, Bloomberg reported, citing an unnamed former US official involved in the investigation.

The White House said late last week the attacks remained an “active threat”, while the White House National Security Council urged organisations to take “immediate measures” to determine if they were targeted.

Computer security group Huntress said it had seen a range of medium-sized businesses hit by the attacks, including small hotels, an ice-cream company, a kitchen-appliance manufacturer and senior citizen communities.

Security firm Mandiant said it had seen US-based retailers, local governments, a university and an engineering firm affected.

Network exposure

The initial hacks by Hafnium focused on accessing information from the email servers themselves, while the more recent attacks have increasingly seen attackers using their Exchange access to penetrate into other parts of the network.

As a result, security officials are urging organisations to scan their networks for signs that they have been compromised.

Microsoft has updated its own Microsoft Safety Scanner (MSERT) to detect tools used in the attacks.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

11 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

11 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

12 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

14 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

17 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

17 hours ago