European Banking Authority Attacked

Uploaded on 2021-03-13 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

The European Banking Authority (EBA) has taken all it’s email systems offline as i its Microsoft Exchange Servers have been hacked by what might be a Chinese state-backed hacking group. 

The EBA isn’t the only organisation under attack, as there is a lot of hacking groups across the world exploiting vulnerabilities to Microsoft's unpatched servers. The Agency has swiftly launched a full investigation, in close co-operation with its ICT provider, a team of forensic experts and other relevant entities.

Microsoft has recently issued emergency patches, but these do not fix systems that have already been attacked. Many of the victims appear to be small or medium-sized businesses although larger groups like the EBA have also been hit.  

The EBA says that access to personal data through emails held on MS Exchange servers may have been obtained by the attacker. It is currently scrambling to identify what, if any, data was accessed.  "The Agency has launched a full investigation, in close cooperation with its ICT provider, a team of forensic experts and other relevant entities," it states. 

"Where appropriate, the EBA will provide information on measures that data subjects might take to mitigate possible adverse effects. As a precautionary measure, the EBA has decided to take its email systems offline."

The EBA claims to be working to identify what, if any, data was accessed. Where appropriate, the EBA will provide information on measures that data subjects might take to mitigate possible adverse effects. In an update on the evolving situation, Microsoft says: "In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments."

Microsoft has attributed the attack to Hafnium, a state-sponsored hacking group operating out of China. The attack, which Microsoft has said started with a Chinese government-backed hacking group, has so far claimed at least 60,000 known victims globally, according to a former senior US official with knowledge of the investigation. 
Many of them appear to be small or medium-sized businesses although larger groups like the EBA have also been hit.  

EBA:       Finextra:      Telegraph:     EUReporter:   Daily Maverick:       Silicon:    

You Might Also Read: 

New Zealand Central Bank Cyber Attack:

 

« Hacker Forums Hacked
British Cyber Security Spending Is Rising »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

Infineon Technologies

Infineon Technologies

Infineon is a leader in semiconductor solutions for a huge range of applications including automation, smart systems and security for the Internet of Things.

Allgress

Allgress

Allgress solutions converge disparate risk silos across enterprise networks and automate governance, risk and compliance management processes.

CalCom

CalCom

CalCom Hardening Solution (CHS) for Microsoft OMS is a security baseline-hardening solution designed to address the needs of IT operations and security teams.

idappcom

idappcom

idappcom provides unique industry approved software solutions for auditing and enhancing the threat recognition and response capabilities of your corporate security defences.

Sqreen

Sqreen

Sqreen is a web application security monitoring and protection solution helping companies protect their apps and users from attacks.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

Cyentia Institute

Cyentia Institute

The Cyentia Institute is a research & data science firm with a mission to advance knowledge in the cybersecurity industry.

Responsible Cyber

Responsible Cyber

Protect yourself with Responsible Cyber’s 360° platform, IMMUNE, arming you with comprehensive support for your business.

EVOKE

EVOKE

EVOKE is an award-winning Digital Transformation company that partners with its clients to build digital workplace solutions for organizational challenges.

CoursesOnline

CoursesOnline

CoursesOnline.co.uk is a database listing IT security courses from providers across the UK.

Content+Cloud

Content+Cloud

Content+Cloud is a leading technology services business and Managed Services Provider (MSP) with a genuine passion for helping your organisation to succeed, whatever your ambitions.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

Traceable

Traceable

Traceable was founded to protect applications from next-generation attacks.

Binalyze

Binalyze

Binalyze is the world's fastest and most comprehensive enterprise forensics solution. Our software helps you to collaborate and complete incident response investigations quickly.

Algoritha

Algoritha

Algoritha is a pioneering entity in the realm of security and forensic services.