EBA victim of an attack targeting Microsoft Exchange vulnerabilities

The European Banking Authority (EBA) said on Monday that it had been the target of a cyber-attack that exploited flaws in Microsoft's email server software, while assuring that no data had been affected.

The regulator holds sensitive data on EU banks and their outstanding credit levels.

Following the attack, which affected a large number of other organisations around the world, the authority launched "a thorough investigation" and decided, as a precautionary measure, to disable its email system "as the vulnerability is related to the European Banking Authority's email servers."

No compromise to date

However, the authority confirmed on 9 March 2021 that the scope of the vulnerability was very limited and that EBA's systems and data had not been compromised. This analysis work was carried out with the help of CERT-EU, the EBA's IT suppliers and a team of forensic experts.

The EBA is one of several thousand organisations in Asia and Europe that have been the target of attacks and which, according to Microsoft, use vulnerabilities in various versions of its mail server software. Already in December 2020, part of the source code (Exchange and Azure) had been downloaded allowing hackers to search for new flaws, or even to create copies of these programs with backdoors.

More than 5000 Exchange servers already taken over

ESET Research has found that more than ten different cyber criminal groups are exploiting recent vulnerabilities in Microsoft Exchange: 5000 mail servers are reportedly affected by these malicious activities. In early March, Microsoft released patches for Exchange 2013, 2016 and 2019 servers that address a series of remote code execution (RCE) pre-authentication vulnerabilities.