E-mail servers of a European banking organization were compromised as a result of a global cyberattack carried out due to the discovery of a vulnerability in the Microsoft Exchange service.
The BBC reports.
An EU authority said personal data could be accessed from its servers and shut down its entire mail system while the damage is being assessed.
“The EBA is working to determine what data has been accessed,” the organization said.
Microsoft Exchange servers are widely used for e-mail by large enterprises and governments. But few organizations admitted they were attacked.
According to Microsoft, the cyberattack exploited a vulnerability in the Microsoft Exchange email system or sometimes used stolen passwords to look like someone who should have access to the system.
Then the mail server was remotely controlled and data was stolen from the network.
US officials warned over the weekend that the attack remains an “active threat.” “Everyone who runs these servers — the government, the private sector, academia — must act now to fix them,” said White House spokeswoman Jen Psaki.
Microsoft believes the hack is behind a Chinese government-sponsored attacker named Hafnium. But China has denied any involvement.
According to initial estimates, about 30,000 US organizations were affected.