- Cyberattack hit around 30 EU organizations by Trivy update
- TeamPCP stole AWS keys, allowing massive data exfiltration
- ShinyHunters leaked 340GB of sensitive data related to the Commission
The latest cyberattack on the European Commission (EC) may have been worse than first thought, as we now know that it affected almost 30 different organizations of the European Union (EU).
In an updated security notice, the European Union’s Cybersecurity Service (CERT-EU) blamed TeamPCP’s intrusion, and shared more details about what happened.
The attack saw TeamPCP, an unknown threat actor, manage to find a malicious version of Trivy in a stream of user-trusted reviews. Trivy is an open source security scanner developed by Aqua Security to detect vulnerabilities and vulnerabilities. This malicious version allowed TeamPCP to obtain the European Commission’s Amazon Web Services (AWS) API key, giving it control over some AWS accounts connected to the EC.
The article continues below
TeamPCP
Amazon has confirmed that this is not a breach of its systems and that it is working as it should.
Using stolen AWS secrets, TeamPCP extracted data from the affected cloud environment, which EC then verified. “The classified information relates to websites hosted by up to 71 clients of the Europa web hosting service: 42 internal clients of the European Commission, and at least 29 other Union organizations.”
It does not specify which organizations they are, but some of the most notable include the European Parliament, the Council of the European Union, and the European External Action Service. Other agencies that may have been affected include the European Medicines Agency, the European Banking Authority, ENISA, or Frontex.
Soon after news of the breach spread, a team known as ShinyHunters claimed the incident, claiming to have seized “server dumps, databases, confidential documents, contracts, and other highly sensitive data”. In total, the hackers sent 340GB of data, compressed into an archive of 91.7GB.
“The analysis of the dataset published so far has confirmed the existence of personal data, including lists of names, surnames, usernames, and email addresses, mainly from European Commission websites but possibly concerning users in all Union organizations,” said EU-CERT.
The dataset also contains at least 51,992 files related to outgoing email communications, most of which are automatic notifications with “little or no content”.
With The BleepingComputer
The best antivirus for all budgets
Follow TechRadar for Google news again add us as a favorite resource to get our expert news, reviews, and opinions in your feed. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok to get news, reviews, unboxings in video form, and get regular updates from us WhatsApp again.
