Microsoft Exchange server hack: Banking agency on 'heightened alert' after cyberattack

Hackers breached the email servers of the European Banking Authority (EBA) as part of the global cyberattacks targeting Microsoft Exchange Server – and while the Paris-based financial security agency for the European Union says that no data has been stolen as part of the attack, it remains on high alert.

The EBA fell victim to a hacking campaign exploiting four zero-day vulnerabilities in Microsoft Exchange Server that has affected tens of thousands of organisations around the world.

The vulnerabilities allowed cyber attackers to gain access to the European Banking Authority's email servers, initially leading to fears that personal data may have been accessed by hackers.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

However, in an update on the investigation into the incident, the EBA said the email infrastructure has been secured and at this stage it's believed "no data extraction has been performed" and there's "no indication to think that the breach has gone beyond our email servers".

The EBA's email system was taken offline as a precautionary measure but it has now been fully restored following the deployment of additional security measures.

"Since it became aware of the vulnerabilities, the EBA has taken a proactive approach and carried out a thorough assessment to appropriately and effectively detect any network intrusion that could compromise the confidentiality, integrity and availability of its systems and data," the EBA said in a statement.

"Besides re-securing its email system, the EBA remains in heightened security alert and will continue monitoring the situation," it added.

Analysis of the Microsoft Exchange Server attack was carried out by the European Banking Authority in collaboration with the European Union's Computer Emergency Response Team (CERT-EU), as well as additional security experts.

The EBA is just one of thousands of organisations around the world that are believed to have been targeted by attackers exploiting newly discovered zero-day flaws in Microsoft Exchange Server, the email inbox, calendar, and collaboration solution used by enterprises of all sizes around the world.

Microsoft has released a security update to patch the vulnerabilities and is urging customers to apply it as soon as possible to protect themselves from being attacked.

• Check to see if you're vulnerable to Microsoft Exchange Server zero-days using this tool
• Everything you need to know about the Microsoft Exchange Server hack

The cyberattacks targeting Microsoft Exchange Server have been attributed to a state-sponsored advanced persistent threat (APT) hacking group working out of China, dubbed Hafnium.

Other organisations targeted by the hacking group include think tanks, non-profits, defence contractors, higher education institutions and infectious disease researchers.

MORE ON CYBERSECURITY

• Check to see if you're vulnerable to Microsoft Exchange Server zero-days using this tool
• How the Microsoft Exchange hack could impact your organization
• Microsoft: We've found three more pieces of malware used by the SolarWinds attackers
• Congress confronts US cybersecurity weaknesses in wake of SolarWinds hacking campaign
• Cybersecurity: How to get your software patching strategy right and keep the hackers at bay