EU cyberattack may have been worse than we thought - 90GB of data published online as 30 entities hit

News
By published

CERT-EU is blaming TeamPCP for the attack

Commissione Europea
(Image credit: 123RF)
  • Cyberattack hit nearly 30 EU entities via Trivy update
  • TeamPCP stole AWS keys, enabling large-scale data exfiltration
  • ShinyHunters leaked 340GB of sensitive Commission-related data

The recent cyberattack on the European Commission (EC) may have been a lot worse than initially thought, as we now know it affected almost 30 different European Union (EU) entities.

In an updated security notice, the European Union’s Cybersecurity Service (CERT-EU) blamed the intrusion on TeamPCP, and shared more details about what had happened.

The attack saw TeamPCP, a relatively unknown threat actor, manage to get a malicious version of Trivy into the update stream that users trust. Trivy is an open source security scanner built by Aqua Security to detect vulnerabilities and misconfigurations. This malicious version allowed TeamPCP to obtain an Amazon Web Services (AWS) API key of the European Commission, which granted them control over other AWS accounts affiliated with the EC.

Article continues below

TeamPCP

Amazon confirmed this was not a breach of its own systems and that it operates as it should.

Using the stolen AWS secrets, TeamPCP exfiltrated data from the affected cloud environment, the EC then confirmed. “The exfiltrated data relates to websites hosted for up to 71 clients of the Europa web hosting service: 42 internal clients of the European Commission, and at least 29 other Union entities.”

It doesn’t name which entities those are, but some of the more notable ones include the European Parliament, Council of the European Union, and the European External Action Service. Other agencies that may have been affected include the European Medicines Agency, European Banking Authority, ENISA, or Frontex.

Soon after news of the breach broke, a group known as ShinyHunters claimed the incident, saying they nabbed “data dumps of mail servers, databases, confidential documents, contracts, and much more sensitive material”. In total, the hackers posted 340GB of data, compressed into a 91.7GB archive.

“Analysis of the published dataset has so far confirmed the presence of personal data, including lists of names, last names, usernames, and email addresses, predominantly from the European Commission’s websites but potentially pertaining to users across multiple Union entities,” EU-CERT said.

The dataset also contains at least 51,992 files related to outbound email communications, the majority of which are automated notifications “with little to no content”.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.