- Cyberattack affected almost 30 EU entities through Trivy update
- TeamPCP Stole AWS Keys, Enabling Large-Scale Data Breach
- ShinyHunters leaked 340 GB of confidential data related to the Commission
The recent cyberattack on the European Commission (EC) may have been much worse than initially thought, as we now know that it affected almost 30 different entities in the European Union (EU).
In an updated security advisory, the Cybersecurity Service of the European Union (CERT-EU) blamed the intrusion on TeamPCP and shared more details about what happened.
In the attack, TeamPCP, a relatively unknown threat actor, managed to introduce a malicious version of Trivy into the update stream that users rely on. Trivy is an open source security scanner created by Aqua Security to detect vulnerabilities and misconfigurations. This malicious version allowed TeamPCP to obtain an Amazon Web Services (AWS) API key from the European Commission, giving them control over other EC-affiliated AWS accounts.
TeamPCP
Amazon confirmed that this was not a breach of its own systems and that its services are operating as they should.
Using the stolen AWS secrets, TeamPCP extracted data from the affected cloud environment, the EC later confirmed. “The extracted data relates to websites hosted by up to 71 clients of the Europa web hosting service: 42 internal clients of the European Commission and at least 29 other entities of the Union.”
The affected entities are not named, but some of the most notable include the European Parliament, the Council of the European Union and the European External Action Service. Other agencies that may have been affected include the European Medicines Agency, the European Banking Authority, ENISA and Frontex.
Shortly after news of the breach broke, a group known as ShinyHunters claimed responsibility for the incident, saying they had captured “data dumps from mail servers, databases, confidential documents, contracts and much more sensitive material.” In total, the hackers released 340 GB of data, compressed into a 91.7 GB file.
“Analysis of the published dataset has so far confirmed the presence of personal data, including lists of first names, surnames, usernames and email addresses, predominantly from European Commission websites, but potentially belonging to users from multiple Union entities,” CERT-EU said.
The data set also contains at least 51,992 files related to outbound email communications, most of which are push notifications “with little or no content.”
Via BleepingComputer




