[BreachExchange] European banking regulator EBA targeted in Microsoft hacking

[Destry Winant]

https://www.reuters.com/article/us-microsoft-hack-eba/european-banking-regulator-eba-targeted-in-microsoft-hacking-idUSKBN2B01RP

FRANKFURT (Reuters) - The European Banking Authority on Monday said it
had been targeted by hackers, although no data had been obtained and
it was redoubling efforts to shield itself amid a global cyber attack
exploiting flaws in Microsoft’s mail server software.

The European Union’s banking regulator, which gathers and stores
swathes of sensitive data about banks and their lending, said it
believed the cyber attack had struck only its email servers.

It is the latest prominent victim among tens of thousands of
organisations in Asia and Europe targeted in a campaign which
Microsoft Corp says makes use of previously undetected vulnerabilities
in different versions of its mail server software.

The hacks are continuing despite emergency patches issued by
Microsoft, which has said it is working with government agencies and
security companies to help customers.

However, one scan of connected devices showed only 10% of those
vulnerable had installed the patches by Friday, though the number was
rising.

Microsoft and a person working with the U.S. response blamed the
initial wave of attacks on a Chinese government-backed actor. A
Chinese government spokesman said the country was not behind the
intrusions.

What started as a controlled attack late last year against a few
classic espionage targets grew last month to a widespread campaign.
More attacks are expected from other hackers as the code used to take
control of the mail servers spreads.

All of those affected appear to run Web versions of email client
Outlook and host them on their own machines, instead of relying on
cloud providers.