
Europe’s Cyber Agency Attributes Major Data Breach and Leak to Hacking Groups

by admin

The European Union’s cybersecurity agency, CERT-EU, has identified the recent hacking incident at the EU’s executive body as the work of a group called TeamPCP. A newly released report reveals that approximately 92 gigabytes of compressed data were stolen from an Amazon Web Services (AWS) account belonging to the European Commission. The breach compromised personal information, including names, email addresses, and email content.

The incident impacted the cloud infrastructure of the Commission’s Europa.eu platform, used by various EU member states to host their institutional websites and publications. CERT-EU noted that the data from at least 29 other EU entities might be at risk, suggesting that numerous internal clients within the European Commission could have had sensitive information compromised.

Further complicating matters, the stolen data was subsequently leaked online by another hacking group, known as ShinyHunters. This event underscores a concerning trend where multiple cybercriminal organisations cooperate to extort their targets.

The breach originated on March 19, when hackers acquired a secret API key linked to the Commission’s AWS account. This breach was facilitated by an earlier incident involving the open-source security tool, Trivy. The Commission inadvertently downloaded a version of Trivy that had been compromised, allowing the hackers to access the secret API key and pivot into the Commission’s AWS account.

Currently, CERT-EU is analysing the data that has been published online, which includes around 52,000 files of sent email messages. Although most emails are automated and contain minimal content, there’s a potential risk of personal data exposure from emails that failed to send, which may include original user-submitted information.

CERT-EU is already in contact with the organisations affected by this breach. A spokesperson for the European Commission informed TechCrunch that the body would remain closed for the week, promising to provide a response to inquiries once reopened. Meanwhile, a ShinyHunters affiliate did not respond to requests for comment.

In addition to the Trivy breach, TeamPCP has been associated with ransomware attacks and cryptocurrency mining campaigns. Recent reports indicate that the group has been engaged in systematic supply chain attacks targeting other open-source projects. By targeting developers who have access to sensitive systems, TeamPCP can effectively hold affected organisations to ransom, demanding extortion payments for the return of stolen data or access to compromised systems.

This incident raises significant alarms regarding the vulnerabilities in cybersecurity practices and the rising trend of collaboration among cybercriminals to enhance their extortion tactics.
