The European Banking Authority (EBA) on Sunday said it had been a victim of a cyberattack targeting its Microsoft Exchange Servers, forcing it to temporarily take its email systems offline as a precautionary measure.
Hackers breached the email servers of the European Banking Authority (EBA) as part of the global cyberattacks targeting Microsoft Exchange Server – and while the Paris-based financial security agency for the European Union says that no data has been stolen as part of the attack, it remains on high alert.
“As the vulnerability is related to the EBA’s email servers, access to personal data through emails held on those servers may have been obtained by the attacker,” the Paris-based regulatory agency said.
The EBA fell victim to a hacking campaign exploiting four zero-day vulnerabilities in Microsoft Exchange Server that has affected tens of thousands of organizations around the world.
The EBA said it has launched a full investigation into the incident in partnership with its information and communication technology (ICT) provider, a team of forensic experts, and other relevant entities.
The vulnerabilities allowed cyber attackers to gain access to the European Banking Authority’s email servers, initially leading to fears that personal data may have been accessed by hackers.
In a second update issued on Monday, the agency said it had secured its email infrastructure and that it found no evidence of data extraction, adding it has “no indication to think that the breach has gone beyond our email servers.”
“Since it became aware of the vulnerabilities, the EBA has taken a proactive approach and carried out a thorough assessment to appropriately and effectively detect any network intrusion that could compromise the confidentiality, integrity, and availability of its systems and data,” the EBA said in a statement.
“Besides re-securing its email system, the EBA remains in heightened security alert and will continue monitoring the situation,” it added.
Stating that the Chinese Exchange server hacks are a major norms violation, Dmitri Alperovitch, chairman of the Silverado Policy Accelerator and co-founder of CrowdStrike, said “while it started as a targeted espionage campaign, they engaged in reckless and dangerous behavior by scanning/compromising Exchange servers across the entire IPv4 address space with web shells that can now be used by other actors, including ransomware crews.”
The rapidly accelerating intrusions, which also come three months after the SolarWinds hacking campaign, have been primarily attributed to a group called Hafnium, which Microsoft says is a state-sponsored group operating out of China.
Analysis of the Microsoft Exchange Server attack was carried out by the European Banking Authority in collaboration with the European Union’s Computer Emergency Response Team (CERT-EU), as well as additional security experts.
The EBA is just one of the thousands of organizations around the world that are believed to have been targeted by attackers exploiting newly discovered zero-day flaws in Microsoft Exchange Server, the email inbox, calendar, and collaboration solution used by enterprises of all sizes around the world.
Microsoft has released a security update to patch the vulnerabilities and is urging customers to apply it as soon as possible to protect themselves from being attacked.