The European Banking Authority (EBA), a key EU financial regulator, said hackers have compromised its Microsoft Exchange servers as part of a global cyberattack, which is affecting thousands organizations worldwide. Following the cyberattack, the agency took offline its email systems as a security measure.
“The Agency has swiftly launched a full investigation, in close cooperation with its ICT provider, a team of forensic experts and other relevant entities,” EBA said in a press release published over the weekend.
“As the vulnerability is related to the EBA’s email servers, access to personal data through emails held on that servers may have been obtained by the attacker. The EBA is working to identify what, if any, data was accessed. Where appropriate, the EBA will provide information on measures that data subjects might take to mitigate possible adverse effects.”
In an update released Monday EBA said that so far the investigators have not found any evidence that the hackers stole the data.
“At this stage, the EBA email infrastructure has been secured and our analyses suggest that no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers,” the regulator said.
Last week, Microsoft released the emergency security updates for its Exchange Server enterprise email product to patch four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) that have been actively exploited in real-world attacks. All of the flaws are described as an input validation error issue and allow remote code execution using specially crafted data sent to the Exchange server.
The affected Exchange Server versions include Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, and Microsoft Exchange Server 2019. Microsoft Exchange Online is not impacted.
Microsoft attributed the attacks to the China-linked state-sponsored hacker group known as Hafnium, which is focused on a number of industry sectors in the US, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs, seeking to steal information.
Initial estimates suggested that at least 30,000 organizations across the United states, including small businesses, towns, cities and local governments, have been affected in the Microsoft Exchange hack. However, citing an anonymous former US official involved in the investigation, Bloomberg reported that at least 60,000 organizations around the globe may have been compromised in the Microsoft Exchange hack.