European Banking Authority victim of cyber attack linked to Microsoft Exchange hack

The vulnerabilities in Microsoft Exchange disclosed last week have affected the European Banking Authority (EBA), the body in charge of financial stability in the European Union and of ensuring the proper functioning of the banking sector. In a press release published on March 7, it announced that it had been the target of a “cyberattack against its Microsoft Exchange servers”. In response, it took its messaging systems offline.

No data theft

According to the initial results of the internal investigation, “no data extraction was carried out” and there is nothing to “suggest that the violation has exceeded our mail servers”, the institution says. It explains that it is continuing its investigations and says it has taken all the necessary precautions to protect personal data.

It is the first organization to officially declare itself a victim of the exploitation of the Microsoft Exchange vulnerabilities since the American company disclosed them last week. The Microsoft Threat Intelligence Center (MSTIC) announced in a blog post that a group of “highly qualified and sophisticated” hackers was targeting Exchange in order to steal the contents of victims’ mailboxes.

Washington worries about the number of victims

Without revealing the potential number of victims, computer security experts attributed this malicious campaign to Hafnium, a group linked to Beijing. Despite the publication of four fixes, the White House, whose agencies are Microsoft Exchange users, is very worried by this incident, which could “have profound consequences”, according to spokesperson Jen Psaki.

It is the potentially huge number of victims that concerns Washington. According to Brian Krebs, an American cybersecurity journalist, “at least 30,000 organizations across the United States, including a significant number of small businesses, cities and local governments” are said to have been victims of Hafnium’s activity. This number remains hypothetical since Microsoft has neither confirmed nor denied it.

China and Russia singled out

This new cyberattack campaign comes a few months after the SolarWinds campaign, revealed last December, which affected the Orion suite used by a large number of public and private organizations. The attackers behind it are probably of “Russian” origin, according to US intelligence.

Newly in office, US President Joe Biden is determined to respond to these attempts at intimidation. Jake Sullivan, the national security adviser, is responsible for working on this complex subject. According to the New York Times, he believes that the planned sanctions are no longer sufficient to deter China and Russia from carrying out attacks. New rules of conduct for cyberspace must be negotiated, he says.
