Europe’s cyber agency blames hacking gangs for massive data breach and leak


The European Union’s cybersecurity agency said Thursday that a recent hack and data breach at the EU’s executive body was the work of a cybercriminal group known as TeamPCP.

In a new report, CERT-EU also reported that the hackers stole about 92 gigabytes of compressed data from a compromised Amazon Web Services (AWS) account used by the bloc’s executive, the European Commission, which included personal data containing names, email addresses, and the contents of emails.

The breach affected the cloud infrastructure of the Commission’s Europa.eu platform, which member states use to host websites and publications of the bloc’s institutions and agencies.

CERT-EU wrote that the data of at least 29 other EU entities may be affected, and that dozens of internal European Commission clients could have had data stolen as well.

The stolen data was then posted online by another hacking group, the notorious ShinyHunters.

While the size of the data breach is itself notable, the hack and subsequent leak of the European Commission’s data by two separate hacking groups highlights a growing trend of cybercriminals working together to extort their victims.

CERT-EU said that the breach originated on March 19 when hackers acquired a secret API key associated with the European Commission’s AWS account, following an earlier hack targeting the open-source security tool Trivy. The Commission inadvertently downloaded a copy of the compromised Trivy tool following the project’s recent breach, allowing the hackers to steal its secret API key and use that access to pivot to get data stored in the Commission’s AWS account.

While the service said it’s still analyzing the data published online, close to 52,000 files contain sent email messages. CERT-EU said the majority of these emails are automated with little to no content, but emails that bounced back with an error “may contain the original user-submitted content, posing a risk of personal data exposure.”

CERT-EU said it is already in contact with affected organizations.

Contact Us

Do you have more information about this breach? Or other cyberattacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

A spokesperson for the European Commission told TechCrunch that the body is closed until next week, and would respond to a request for comment then.

A member of ShinyHunters did not respond to requests for comment.

Besides the Trivy breach, TeamPCP has been linked to ransomware attacks and crypto-mining campaigns, says Aqua Security, which develops Trivy. The hackers have more recently been behind a systematic campaign of supply chain attacks compromising other open source security projects, according to Palo Alto Networks Unit 42.

By targeting developers with keys to access sensitive systems, the hackers “then have the ability to hold compromised organizations for ransom, demanding extortion payments,” Unit 42 wrote.
