- Cyber attack hit nearly 30 EU entities via Trivy update
- TeamPCP stole AWS keys, enabling large-scale data exfiltration
- ShinyHunters leaked 340GB of sensitive commission-related data
The latest cyber attack on the European Commission (EC) may have been much worse than first thought, as we now know that it affected nearly 30 different EU entities.
In an updated security announcement, the EU’s Cybersecurity Service (CERT-EU) blamed TeamPCP for the intrusion and shared more details about what had happened.
In the attack, TeamPCP, a relatively unknown threat actor, managed to get a malicious version of Trivy into the update stream that users trust. Trivy is an open source security scanner built by Aqua Security to detect vulnerabilities and misconfigurations. This malicious version allowed TeamPCP to obtain an Amazon Web Services (AWS) API key from the European Commission, which gave them control over other AWS accounts associated with the EU.
Amazon confirmed that this was not a breach of its own systems, which it said are working as they should.
Using the stolen AWS secrets, TeamPCP exfiltrated data from the affected cloud environment, EC confirmed. “The exfiltrated data relates to websites hosted for up to 71 customers of the Europa Web Hosting Service: 42 internal customers of the European Commission and at least 29 other EU entities.”
The announcement does not mention which entities they are, but some of the more notable ones include the European Parliament, the Council of the European Union and the European Union’s External Action Service. Other agencies that may have been affected include the European Medicines Agency, the European Banking Authority, ENISA or Frontex.
Shortly after news of the breach broke, a group known as ShinyHunters claimed responsibility for the incident, saying they captured “data dumps of mail servers, databases, confidential documents, contracts and much more sensitive material”. In total, the hackers posted 340GB of data, compressed into a 91.7GB archive.
“Analysis of the published dataset has so far confirmed the presence of personal data, including lists of first names, surnames, usernames and email addresses, predominantly from European Commission websites, but potentially related to users across multiple EU entities,” CERT-EU said.
The dataset also contains at least 51,992 files related to outgoing email communications, the majority of which are automated messages “with little or no content”.
Via Bleeping Computer