The European Union’s cybersecurity agency said Thursday that a recent hack and data breach on the EU’s executive body was the work of a cybercriminal group known as TeamPCP.
In a new report, CERT-EU also reported that the hackers stole around 92 gigabytes of compressed data from a compromised Amazon Web Services (AWS) account used by the bloc’s executive, the European Commission, which included personal data containing names, email addresses, and the contents of emails.
The breach affected the cloud infrastructure of the Commission’s Europa.eu platform, which member states use to host websites and publications of the bloc’s institutions and agencies.
CERT-EU wrote that the data of at least 29 other EU entities may be affected, and that dozens of internal European Commission clients may have had data stolen as well.
The stolen data was then posted online by another hacking group, the notorious ShinyHunters.
While the size of the data breach is itself notable, the hack and subsequent leak of the European Commission’s data by two separate hacking groups highlights a growing trend of cybercriminals working together to extort their victims.
CERT-EU said that the breach originated on March 19 when hackers acquired a secret API key associated with the European Commission’s AWS account, following an earlier hack targeting the open source security tool Trivy. The Commission inadvertently downloaded a copy of the compromised Trivy tool following the project’s recent breach, allowing the hackers to steal its secret API key and use that access to pivot to obtain data stored in the Commission’s AWS account.
While the agency said it is still analyzing the data published online, close to 52,000 files contain sent email messages. CERT-EU said the majority of these emails are automated with little to no content, but emails that bounced back with an error “could include the original user-submitted content, posing a risk of personal data exposure.”
CERT-EU said it is already in contact with affected organizations.
A spokesperson for the European Commission told information.killnetswitch that the body is closed until next week, and would respond to a request for comment then.
A member of ShinyHunters did not respond to requests for comment.
Aside from the Trivy breach, TeamPCP has been linked to ransomware attacks and crypto-mining campaigns, says Aqua Security, which develops Trivy. The hackers have more recently been behind a systematic campaign of supply chain attacks compromising other open source security projects, according to Palo Alto Networks Unit 42.
By targeting developers with keys to access sensitive systems, the hackers “then have the power to hold compromised organizations for ransom, demanding extortion payments,” Unit 42 wrote.



