- Cyber attack hit nearly 30 EU entities via Trivy update
- TeamPCP stole AWS keys, enabling large-scale data exfiltration
- ShinyHunters leaked 340GB of sensitive data linked to the Commission
The recent cyberattack on the European Commission (EC) may have been much worse than initially thought, as we now know that it affected nearly 30 different European Union (EU) entities.
In an updated security advisory, the European Union’s Cybersecurity Service (CERT-EU) blamed the intrusion on TeamPCP and shared more details about what happened.
The attack saw TeamPCP, a relatively unknown threat actor, successfully introduce a malicious version of Trivy into the update feed that users trust. Trivy is an open source security scanner built by Aqua Security to detect vulnerabilities and misconfigurations. The malicious version let TeamPCP obtain an Amazon Web Services (AWS) API key from the European Commission, which in turn allowed them to control other AWS accounts affiliated with the EC.
TeamPCP
Amazon confirmed that this was not a breach of its own systems and that its services were working as they should.
Using stolen AWS secrets, TeamPCP exfiltrated data from the affected cloud environment, the EC later confirmed. “The exfiltrated data concerns websites hosted by up to 71 customers of the Europa web hosting service: 42 internal customers of the European Commission and at least 29 other EU entities.”
The statement does not specify which entities these are, but among the most notable are the European Parliament, the Council of the European Union and the European External Action Service. Other agencies that may have been affected include the European Medicines Agency, the European Banking Authority, ENISA or Frontex.
Shortly after the breach was announced, a group known as ShinyHunters claimed responsibility for the incident, saying it had obtained “data from email servers, databases, confidential documents, contracts and much more sensitive materials.” In total, the hackers released 340 GB of data, compressed into a 91.7 GB archive.
“Analysis of the published dataset has so far confirmed the presence of personal data, including lists of names, surnames, usernames and email addresses, originating mainly from European Commission websites, but which may relate to users from several Union entities,” CERT-EU said.
The dataset also contains at least 51,992 files related to outgoing email communications, the majority of which are automated notifications “with little or no content.”
Via BleepingComputer




