European Banking Authority discloses Exchange server hack
The European Banking Authority took down all of its email systems after its Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide.
Last week, Microsoft patched multiple zero-day vulnerabilities that affect on-premises versions of Microsoft Exchange Server and are being exploited in ongoing attacks coordinated by multiple state-sponsored hacking groups.
The Chinese-backed APT27, Bronze Butler, and Calypso are also attacking unpatched Exchange servers, according to Slovak internet security firm ESET, which says that it also detected other state-sponsored groups it couldn't identify.
CISA also warned of "Widespread domestic and international exploitation of Microsoft Exchange Server vulnerabilities" on Saturday, urging admins to use Microsoft's IOC detection tool to detect signs of compromise in their organizations.
The attackers deploy web shells that allow them to gain remote access to a compromised server and to the internal network, even after the servers are patched.
Microsoft has updated its Microsoft Safety Scanner tool to detect web shells deployed in these attacks, as well as a PowerShell script that searches for indicators of compromise in Exchange and OWA log files.