By Frank Fang
The European Banking Authority (EBA) is the latest victim of a large-scale cyber-hacking attack connected to the Chinese regime against Microsoft’s email and calendar server.
Early last week, Microsoft announced via a blog post that Hafnium, a state-sponsored hacking group operating from China, exploited flaws in its Exchange Server software. Three versions of the software were affected—2013, 2016, and 2019—and the U.S. software giant released emergency security patches to address the security holes.
Microsoft explained that the Hafnium hackers were using the flaws to access email accounts and install malware to “facilitate long-term access to victim environments.”
Soon after, U.S.-based cybersecurity firm FireEye reported that the hacking group targeted a number of American targets, including “U.S.-based retailers, local governments, a university, and an engineering firm.”
On Sunday, the EBA, an EU financial regulator, announced that its email systems were compromised by the cyberattack.
“As the vulnerability is related to the EBA’s email servers, access to personal data through emails held on that servers may have been obtained by the attacker,” the EBA said in a statement.
On March 8, the EBA released another statement saying that its investigation was ongoing.
“At this stage, the EBA email infrastructure has been secured and our analyses suggest that no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers,” it said.
The EBA was not the only known victim. The city government of Lake Worth Beach in Florida said that its email server was down for about three days since March 3 as a result of the cyberattack, according to the local daily the Palm Beach Post.
The cyberattack has also drawn the concerns of the Biden administration. White House National Security Adviser Jake Sullivan wrote via Twitter on Thursday calling on network owners to apply the patches quickly while offering recommendations if their systems were compromised.
“This is an active threat,” said White House press secretary Jen Psaki on Friday. “Everyone running these servers—government, private sector, academia—needs to act now to patch them.”
“We are concerned that there are a large number of victims and are working with our partners to understand the scope of this,” Psaki added.
On Saturday, the Federal Bureau of Investigation said it was “working closely with our interagency and private sector partners to understand the scope of the threat.”
On March 8, the U.S. Department of Homeland Security’s cybersecurity agency took to Twitter asking “all organizations across all sectors” to follow its guidelines to address vulnerabilities within their Microsoft Exchange Server software.
At a daily briefing on March 3, China’s foreign ministry spokesperson Wang Wenbin rejected Microsoft’s claims. He added that media and companies should not “make groundless accusations.”
There have been previously known Chinese cyberattacks against U.S. entities.
In February last year, the U.S. Department of Justice indicted four members of the Chinese military for hacking the online systems of U.S. credit-reporting agency Equifax in 2017. The hackers stole names, birth dates, and social security numbers for about 145 million Americans.
The U.S. Office of Personnel Management was the target of a Chinese cyberattack in 2015, which resulted in the stolen records of about 4.2 million current and former federal employees.
Affiliate News Feeds
- Internet of Things
- Industry News
The tech titan Amazon used its show in Las Vegas to talk about watery matters, supply chains and much more. The post AWS re:Invent 2022: A tiered tour of technology… [...]
In a recent interview with Ravi Pendekanti, SVP of Product Management & Marketing at Western Digital, he explained how they have expanded their HDD technology to lower total cost of… [...]
Our picks for the top Amazon Cyber Week deals to ease the stress of those who work from home. The post 5 Amazon Cyber Week deals sure to make remote… [...]
UK-based IoT connectivity platform provider seeks élan and style by snapping up French firm. The post Wireless Logic continues acquisition spree with IoThink Solutions deal appeared first on TechRepublic. [...]
Consider securing your remote work setup with a three-year subscription to a top VPN. Windscribe Pro is more than 70% off today only. The post Lock in 3 years of… [...]
The company’s products seek to address real-time data transport, edge data collection instruments. The post NVIDIA unveils supercomputing and edge products at SC22 appeared first on TechRepublic. [...]
An account takeover (ATO), in which criminals impersonate legitimate account owners to take control of an account, are on the rise in Asia and across the world. Fraudsters are swindling… [...]
Experts warn that API attacks will soon become the most common type of web application attack. As a result, organizations and their security vendors need to align across people, processes,… [...]
Read how to install the Trello app in macOS and why it will make your project management even easier. The post How to install the Trello app on macOS and… [...]
Find out if one of these top seven Wrike alternatives are an ideal project management solution for you and your team. The post Top 7 Wrike alternatives for project and… [...]