Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The European Union’s cybersecurity agency said Thursday that the latest hack and data breach at a major EU agency it was the work of a cybercriminal group known as TeamPCP.
In a new reportCERT-EU also reported that the thieves stole about 92 gigabytes of compressed data from an Amazon Web Services (AWS) account used by the bloc’s head, the European Commission, which contains personal information including names, email addresses, and email content.
The breach affected the cloud infrastructure of the Commission’s Europa.eu platform, which member states use to host the websites and publications of the bloc’s institutions and bodies.
CERT-EU wrote that the information of at least 29 other EU institutions could be affected, and that many internal customers of the European Commission could also be compromised.
The stolen data was posted online by another hacking group, known as ShinyHunters.
While the scale of the data breach is clear, the hacking and leaking of European Commission data by two different fraud groups shows the scale of cyber criminals working together to prey on victims.
CERT-EU said the breach began on March 19 when hackers obtained the private key of an API linked to the European Commission’s AWS account, following the same hack that was targeted. Trivy’s open source security tool. The agency unwittingly downloaded the compromised Trivy tool following the project’s latest breach, allowing hackers to steal its private API key and use pivot access to access data stored in the Commission’s AWS account.
While the service said it was still reviewing what was published online, about 52,000 files contained emails sent. CERT-EU said that most of the emails were self-generated, but that the emails that came back with the error “may contain user-supplied content, which could pose a known threat.”
CERT-EU said it is already in contact with the affected agencies.
contact us
Do you have information about breaking the law? Or other cyberattacks? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
A spokesperson for the European Commission told TechCrunch that the body is closed until next week, and will respond to a request for comment then.
A member of ShinyHunters did not respond to a request for comment.
Apart from Trivy beach, TeamPCP has been linked to ransomware attacks and crypto mining campaigns, says Aqua Securitywhich makes Trivy. Hackers have recently been launching a hacking campaign that disrupts other open source projects, according to Palo Alto Networks Unit 42.
By targeting key manufacturers to access complex systems, hackers “can then hold vulnerable organizations to ransom, demanding payment,” Unit 42 wrote.