EU Banking Regulator Hit by Attack on Microsoft’s Exchange Servers

The European Banking Authority, EBA, said it has become the most recent victim of a cyber-attack, which Microsoft said last week was orchestrated by Chinese spies.

Microsoft buildings EUEU Microsoft Building (Photo: efes, CC0, via Wikimedia Commons)The EBA said on Monday that it believes no data was extracted from the attack on its Microsoft Exchange Servers, and that it has now secured its email infrastructure.  

Last week, Microsoft’s Threat Intelligence Center (MSTIC) announced the breach and alleged that Chinese cyber spies exploited a security flaw in the system to gain access to the Exchange’s suite servers, a mailing platform extensively used by businesses.

Microsoft attributed the attack to a China-based “new government-backed threat actor” called Hafnium, which has reportedly targeted defense companies, political think tanks, NGOs, research centers, universities, and law firms, according to the company.  

The tech giant launched security updates and urged customers to install the patches immediately. Microsoft has not stated the scale of the attack, but a source told Bloomberg that at least 60,000 victims have been affected globally.  

Some of the victims include small or medium-sized businesses, local government, healthcare providers, financial institutions, and electricity providers, the security platform Huntress reported

White House Press Secretary, Jen Psaki, said on Friday that U.S. authorities are concerned about the number of victims and are currently working "to understand the scope of the attack."  

“This is a significant vulnerability that could have far-reaching impacts. First and foremost, this is an active threat. And as the National Security Advisor tweeted last night, everyone running these servers — government, private sector, academia — needs to act now to patch them,” Psaki said in a press conference. 

President Joe Biden’s national security adviser Jake Sullivan urged Microsoft Exchange customers earlier on Friday to install the company's emergency patch. 

“We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities,” Sullivan wrote on Twitter.