EBA shuts down email systems after damaging cyberattack
A cyberattack has forced the European Banking Authority (EBA) to shut down its entire email system.
The attack is part of a widespread assault on organisations running Microsoft Exchange servers.
Microsoft has issued emergency patches, but many believe servers could have been backdoored by criminals.
The EBA says is has “swiftly launched a full investigation” in close cooperation with Microsoft, a team of forensic experts and “other relevant entities”.
It adds personal data through emails held on its services may have been obtained by the hackers.
“The EBA is working to identify what, if any, data was accessed. Where appropriate, the EBA will provide information on measures that data subjects might take to mitigate possible adverse effects.”
According to KrebsOnSecurity, more than 30,000 firms in the US and 10,000 internationally have been affected by the attack.
Chinese hacking group “Hafnium” is believed to be responsible.
The attackers gained access and then installed a webshell, allowing them to enter administrative commands through a browser-based terminal.
Patches could stem the outflow of information, but Ars Technica cites researchers saying it will take more to fully disinfect corrupted servers.
Related: Top five cyberattacks in 2020