Prague Was The Victim of a Massive Cyberattack
Earlier this month, Prague was hit by a large-scale cyberattack.
The Czech capital Prague and the Labour Ministry said they had been victims of a large-scale cyberattack on their email systems, which ended with limited damage.
What do we know so far?
“There has been a massive cyber attack on public administration systems,” Zdeněk Hřib, the mayor of Prague, said in a tweet, adding that the servers had “survived” with little to no damage.
The attack targeted vulnerabilities in Microsoft Exchange Server that allow access to mailboxes on the server and subsequent remote code execution without authentication or user interaction.
Microsoft has listed the vulnerabilities that are currently being exploited: CVE-2021-26855, CVE-2021-26857, CVE-2021-27065 and CVE-2021-26858.
The listed vulnerabilities affect Exchange Server 2010, 2013, 2016, and 2019; Exchange Online is not vulnerable.
The system seemed prepared, and thanks to the storage of multiple copies of data at once, the important data was not damaged.
Last week, on Friday morning, Hřib confirmed that the city’s emails were working properly and there was no need to recover data from backup systems.
The attack was reported to the Czech Republic National Cyber and Information Agency (NUKIB), and the mayor said that he and the city would provide “full cooperation” with the investigation, to find out what happened in this situation.
How extensive was the attack?
It is known so far that the Czech Minister of Labour and Social Affairs was also targeted, but no details are known at this time.
The situation is still being evaluated, but it does not look like any data was leaked or systems were damaged.
NUKIB confirmed they were working with the organizations that had been affected, trying to find out how extensive the attack was, and who was behind it.
“As we have reported in recent days, serious vulnerabilities affecting Microsoft Exchange Server have been identified. These vulnerabilities allow access to e-mail boxes on the server and subsequent remote code execution. At the same time, Microsoft warns that these vulnerabilities are currently being actively exploited.
NÚKIB, together with other partners, including the National Center against Organized Crime, is currently helping the affected organizations to address this situation and minimize the extent of the damage. However, we will not provide more detailed information on the extent of the incident or the affected entities.”
The National Cyber and Information Agency (NUKIB) said it had no indication at this time of who carried out the cyberattacks, and that it is providing all the assistance needed to the attacked institutions.