European Banking Authority Compromised By Exchange Hackers

The European Banking Authority (EBA) said it temporarily disabled its email systems after discovering they had been hacked as part of an ongoing campaign targeting Microsoft Exchange servers worldwide.

The agency said it has launched a “full investigation”.

“The EBA is working to identify what, if any, data was accessed. Where appropriate, the EBA will provide information on measures that data subjects might take to mitigate possible adverse effects,” the EBA said in a statement.

It added in a later update that so far it had found no signs that sensitive data had been stolen.

Ongoing attacks

“At this stage, the EBA email infrastructure has been secured and our analyses suggest that no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers,” the EBA said.

The Microsoft Exchange attacks make use of multiple previously unknown security flaws that Microsoft patched last week.

The company said the flaws were initially exploited covertly by a Chinese state-backed group it calls Hafnium. China has said it is not involved.

But after the flaws became more widely known, other attackers have swiftly made use of them over the past few days to carry out wide-ranging hacks on organisations that have not yet patched their Exchange servers.

‘Active threat’

Microsoft said in an update to its original security advisory that it was seeing “increased use” of the vulnerabilities by “multiple malicious actors beyond Hafnium”.

There are now an estimated 60,000 known successful compromises around the world, Bloomberg reported, citing an unnamed former US official involved in the investigation.

The White House said late last week the attacks remained an “active threat”, while the White House National Security Council urged organisations to take “immediate measures” to determine if they were targeted.

Computer security group Huntress said it had seen a range of medium-sized businesses hit by the attacks, including small hotels, an ice-cream company, a kitchen-appliance manufacturer and senior citizen communities.

Security firm Mandiant said it had seen US-based retailers, local governments, a university and an engineering firm affected.

Network exposure

The initial hacks by Hafnium focused on accessing information from the email servers themselves, while the more recent attacks have increasingly seen attackers using their Exchange access to penetrate into other parts of the network.

As a result, security officials are urging organisations to scan their networks for signs that they have been compromised.

Microsoft has updated its own Microsoft Safety Scanner (MSERT) to detect tools used in the attacks.