European Banking Authority hit by Microsoft Exchange hack

  • Published
Microsoft logo on a shop frontImage source, Reuters

The European Banking Authority's email servers have been compromised in a global Microsoft Exchange cyber-attack.

The EU body said personal data may have been accessed from its servers. And it had pulled its entire email system offline while it assessed the damage.

"The EBA is working to identify what, if any, data was accessed," it said.

Microsoft Exchange servers are widely used for email by major businesses and governments. But few organisations have yet admitted being hit by the attack.

What happened?

The cyber-attack had exploited a vulnerability in Microsoft's Exchange email system - or sometimes used stolen passwords - to look like someone who should have access to the system, Microsoft said.

Then, it would take control of the email server remotely - and steal data from the network.

US officials warned at the weekend the attack remained an "active threat".

"Everyone running these servers - government, private sector, academia - needs to act now to patch them," White House press secretary Jan Psaki said.

Microsoft believes a Chinese state-sponsored attacker called Hafnium is behind the hack.

But China denies any involvement.

The BBC is not responsible for the content of external sites.View original tweet on Twitter

The US National Security Council said compromised companies needed to take further steps - and encouraged all organisations to identify whether they had been affected.

For the everyday reader, you'd be forgiven for scrolling past this as "just another cyber-security crisis".

After all, the US government is still dealing with the widespread Solar Winds attacks from December.

But the Microsoft Exchange Hack is itself extremely serious for different reasons.

The Solar Winds hack was straightforward. It was about Russia stealing national security intelligence from USA.

The Microsoft Exchange Hack is being blamed on a Chinese hacking team called Hafnium but their motives are less clear.

Some small government agencies may be affected, but the victims here are a far more diverse pool of organisations from large banks to small businesses.

The hackers taking advantage of the new techniques developed by Hafnium seem to be multiplying too.

The reported attacks are so numerous now that there are suggestions other groups including cyber-criminal gangs could be getting stuck in too.

It's a mess.

Who has been attacked?

Initial estimates suggested some 30,000 US organisations may have been affected.

But there were now claims the attack had at least 60,000 known victims, Bloomberg reported, citing an anonymous former US official involved in the investigation.

Microsoft's security officials said Hafnium, "primarily targets entities in the United States", stealing information from organisations such as "infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks and NGOs [non-governmental organisations]".

But cyber-security group Huntress said it had seen 300 of its partners' servers affected.

"These companies do not perfectly align with Microsoft's guidance, as some personas are small hotels, an ice-cream company, a kitchen-appliance manufacture, multiple senior-citizen communities and other 'less than sexy' mid-market businesses," it blogged.

It had also discovered affected local government, healthcare, banks and electricity companies.