No data stolen during cyber-mega-attack, says EBA
Chris Hamblin, Editor, London, 15 March 2021
The European Banking Authority, along with many unnamed organisations, has been the subject of a cyber-attack against its Microsoft Exchange Servers. It says, however, that the hackers did not steal any email data.
Microsoft is blaming a Chinese organisation called Hafnium for the hack, although the Chinese Government has denied it. Bloomberg, meanwhile, says that an unnamed US official told it that the Government has identified 60,000 victims.
A spokeswoman for the EBA told Compliance Matters that the hackers stole no information from its emails, which in turn means that bank account data is safe. She conflated a 'vulnerability' that related to the EBA's email servers with the attack itself, but a Microsoft blog reveals the true origin of the EBA's use of the word.
"Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software. To date, Hafnium is the primary actor we’ve seen use these exploits. The attacks included three steps. First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what’s called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the US-based private servers – to steal data from an organisation’s network. Today, we released security updates that will protect customers running Exchange Server."
The EBA says that the event was 'limited' although, in reality, all events are. It is still carrying on an investigation. The spokeswoman said that, as a precaution, it suspended its email service "over the weekend and on Monday." She added: "The EBA remains on heightened security alert and will continue monitoring the situation."