EU Commission’s Cloud Infrastructure Compromised in Major Cyberattack
The European Union’s cybersecurity agency, CERT-EU, confirmed a significant breach of the European Commission’s cloud infrastructure, which hosts critical platforms for member states. The attack, traced to a cybercriminal group named TeamPCP, exploited a compromised Amazon Web Services (AWS) account linked to the Commission’s Europa.eu platform. The breach, which began on March 19, allowed hackers to access and steal 92 gigabytes of compressed data, including personal details and email contents.
The compromised AWS account was initially accessed through a stolen API key, which the hackers obtained after infiltrating the open-source security tool Trivy. The European Commission inadvertently downloaded a version of the compromised Trivy tool following a prior breach, enabling the attackers to pivot to the Commission’s cloud systems. This chain of vulnerabilities highlights the interconnected risks of supply chain attacks in cybersecurity.
The stolen data was later leaked online by another group, ShinyHunters, who claimed to have repurposed some of the data previously taken by TeamPCP. This unusual attribution of the breach to two separate groups underscores the complexity of modern cybercrime, where stolen data often becomes a commodity for further exploitation.
Hackers Blamed for Data Leak as Attribution Points to Two Cybercriminal Groups
CERT-EU’s report details how TeamPCP initially breached the Commission’s systems by stealing an API key tied to its AWS account, a method that leverages weaknesses in third-party tools. The hackers then accessed sensitive data stored in the cloud, including emails exchanged between Commission officials and external entities. The breach’s scale, involving over 52,000 files, raised alarms about the potential exposure of personal information, particularly from emails that bounced back with error messages.
The involvement of ShinyHunters in leaking the data added another layer to the incident, as the group admitted to repurposing data previously stolen by TeamPCP. This interplay between cybercriminal groups illustrates how breaches can escalate into broader data-sharing networks, with stolen information becoming a resource for multiple malicious actors. The EU agency is now working to assess the full extent of the breach and notify affected organizations.
The incident also exposed vulnerabilities in the Commission’s internal security protocols, as the breach originated from a compromised open-source tool. This highlights the growing threat of supply chain attacks, where attackers exploit weaknesses in widely used software to gain access to high-profile targets. Analysts warn that such breaches could set a precedent for future cyberattacks targeting public institutions.

EU Urges Affected Entities to Secure Data Amid Ongoing Cybersecurity Threats
CERT-EU has already reached out to 29 other EU entities potentially impacted by the breach, emphasizing the need for immediate security assessments. The agency warned that the leaked emails, while mostly automated, could still contain sensitive user data if they bounced back with error messages. This risk has prompted calls for stricter data encryption and access controls across the bloc’s institutions.
The European Commission, which is currently closed for a week, has not yet issued a public statement but is expected to address the breach in the coming days. Meanwhile, cybersecurity firms like Aqua Security and Palo Alto Networks Unit 42, which track TeamPCP’s activities, note the group’s history of ransomware attacks and supply chain exploits. These patterns suggest the breach may be part of a larger campaign targeting critical infrastructure.
As the EU investigates the breach, the incident underscores the urgent need for enhanced collaboration between public and private cybersecurity teams. With data theft becoming increasingly common, the Commission’s response will set a precedent for how governments handle similar threats in the future.
Conclusion
The EU’s cybersecurity breach highlights the growing sophistication of cybercriminal tactics and the vulnerabilities of interconnected digital systems. As authorities work to mitigate the damage, the incident serves as a stark reminder of the risks posed by supply chain attacks and the importance of proactive security measures in safeguarding sensitive data.





