The effects of a hack on Microsoft’s email infrastructure have reached Europe with the European Banking Authority stating its email servers have been compromised.
The details of the vulnerability in Microsoft Exchange, its system for managing its email services, emerged last week. The flaw allowed the attackers to exploit and take control of email servers remotely and access their data.
Cybersecurity journalist and researcher Brian Krebs reported that around 30,000 US-based companies and organisations were affected.
Over the weekend, the White House described the incident as an “active threat”.
“Everyone running these servers – government, private sector, academia – needs to act now to patch them,” White House press secretary Jen Psaki said last week.
Now, the vulnerabilities have reared their heads on this side of the Atlantic. The EBA said its investigation into the compromise was ongoing and it is deploying further security measures to protect its systems.
“At this stage, the EBA email infrastructure has been secured and our analyses suggest that no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers,” the regulatory body said in a statement.
Chris Krebs, the former US government official that previously headed up the Cybersecurity and Infrastructure Security Agency, said on Twitter that the attack is the “real deal” and that anyone running a Microsoft Outlook Web Access server should “assume compromise”.
Over the weekend, Microsoft issued several updates to try and mitigate the threat.
While taking stock of the extent of the attacks, Microsoft has pointed the finger at Chinese culprits. It has dubbed the attacker group Hafnium and said it is a “highly skilled and sophisticated actor”.
“Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks and NGOs,” Microsoft said in a blog post.
China has denied involvement in the attacks.
The post EU banking authority hit by far reaching Microsoft email hack appeared first on Silicon Republic.