Paris: The European Banking Authority (EBA), a major financial regulator in the European Union, says it has fallen victim to a breach of its Microsoft email system that the US company blames on a Chinese group.
Microsoft said last week that a state-sponsored group operating from China was exploiting previously unknown security flaws in its Exchange email services to steal data from corporate and government users, which are believed to number in the tens of thousands so far.
She said the Hafnium group was a “very skillful and sophisticated actor”.
She added that Hafnium has previously targeted US-based companies including infectious disease researchers, law firms, universities, defense contractors, think tanks, and NGOs.
In a statement released late yesterday, EBA confirmed the attack on its email systems and decided not to contact them as a “precaution”.
“The agency quickly launched a full investigation, in close cooperation with its ICT provider, a team of forensic experts and other relevant entities,” she said.
The Environmental Protection Agency has warned that as a result of the attack, personal data was accessible and will advise on potential mitigation measures if needed.
Microsoft CEO Tom Burt said last Tuesday that the company provided updates to fix the vulnerabilities and urged customers to implement them.
“We know that many nation-state actors and criminal groups will move quickly to take advantage of any unprecedented systems,” he added.
Beijing usually rejects US hacking accusations outright, and last year it rebuked Washington after allegations that Chinese hackers were trying to steal research on the coronavirus.
In January, the US said Russia may have been behind the massive SolarWinds penetration that has hit large sections of government and the private sector, and which experts say could pose a lingering threat.
Microsoft said on Tuesday that the Hafnium attacks “were not in any way related to the separate SolarWinds attacks.”