By Frank Fang
The European Banking Authority (EBA) is the latest victim of a large-scale cyber-hacking attack connected to the Chinese regime against Microsoft’s email and calendar server.
Early last week, Microsoft announced via a blog post that Hafnium, a state-sponsored hacking group operating from China, exploited flaws in its Exchange Server software. Three versions of the software were affected—2013, 2016, and 2019—and the U.S. software giant released emergency security patches to address the security holes.
Microsoft explained that the Hafnium hackers were using the flaws to access email accounts and install malware to “facilitate long-term access to victim environments.”
Soon after, U.S.-based cybersecurity firm FireEye reported that the hacking group targeted a number of American targets, including “U.S.-based retailers, local governments, a university, and an engineering firm.”
On Sunday, the EBA, an EU financial regulator, announced that its email systems were compromised by the cyberattack.
“As the vulnerability is related to the EBA’s email servers, access to personal data through emails held on that servers may have been obtained by the attacker,” the EBA said in a statement.
On March 8, the EBA released another statement saying that its investigation was ongoing.
“At this stage, the EBA email infrastructure has been secured and our analyses suggest that no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers,” it said.
The EBA was not the only known victim. The city government of Lake Worth Beach in Florida said that its email server was down for about three days since March 3 as a result of the cyberattack, according to the local daily the Palm Beach Post.
The cyberattack has also drawn the concerns of the Biden administration. White House National Security Adviser Jake Sullivan wrote via Twitter on Thursday calling on network owners to apply the patches quickly while offering recommendations if their systems were compromised.
“This is an active threat,” said White House press secretary Jen Psaki on Friday. “Everyone running these servers—government, private sector, academia—needs to act now to patch them.”
“We are concerned that there are a large number of victims and are working with our partners to understand the scope of this,” Psaki added.
On Saturday, the Federal Bureau of Investigation said it was “working closely with our interagency and private sector partners to understand the scope of the threat.”
On March 8, the U.S. Department of Homeland Security’s cybersecurity agency took to Twitter asking “all organizations across all sectors” to follow its guidelines to address vulnerabilities within their Microsoft Exchange Server software.
At a daily briefing on March 3, China’s foreign ministry spokesperson Wang Wenbin rejected Microsoft’s claims. He added that media and companies should not “make groundless accusations.”
There have been previously known Chinese cyberattacks against U.S. entities.
In February last year, the U.S. Department of Justice indicted four members of the Chinese military for hacking the online systems of U.S. credit-reporting agency Equifax in 2017. The hackers stole names, birth dates, and social security numbers for about 145 million Americans.
The U.S. Office of Personnel Management was the target of a Chinese cyberattack in 2015, which resulted in the stolen records of about 4.2 million current and former federal employees.