On Thursday, the European Union’s cybersecurity agency said that a recent hack and data breach targeting the EU’s executive branch was carried out by a cybercriminal group identified as TeamPCP.
A new report from CERT-EU also disclosed that the attackers stole about 92 gigabytes of compressed data from a compromised Amazon Web Services (AWS) account belonging to the bloc’s executive arm, the European Commission. The stolen data included personal details such as names, email addresses, and the contents of messages.
The breach affected the cloud infrastructure of the Commission’s Europa.eu platform, which member states use to host web pages and official documents for the bloc’s institutions and agencies.
CERT-EU reported that data belonging to at least 29 other EU entities could be affected, and that scores of internal European Commission clients may also have had their data exfiltrated.
The stolen data was later published online by a separate cybercrime group, the notorious ShinyHunters.
Beyond the notable scale of the breach itself, the intrusion and subsequent leak of the European Commission’s data by two separate cybercriminal groups underscores a growing pattern of cybercriminals working together to extort their victims.
CERT-EU said the compromise began on March 19, when the attackers obtained a secret API key for the European Commission’s AWS account. This followed an earlier attack on the open-source security tool Trivy. The Commission had unknowingly pulled in a compromised version of Trivy after the project’s recent breach, which allowed the attackers to steal the secret API key and use that access to download data stored in the Commission’s AWS account.
While the agency said it is still analyzing the data posted online, nearly 52,000 of the files contain sent email messages. CERT-EU noted that most of these messages are automatically generated with little or no content. However, emails that failed to deliver due to an error “may contain the original user-provided material, presenting a danger of private information being revealed.”
CERT-EU confirmed it is in contact with the affected entities.
A European Commission spokesperson told TechCrunch that the institution is closed until next week and would respond to a request for comment then.
A person affiliated with ShinyHunters did not respond to requests for comment.
Beyond the Trivy compromise, TeamPCP has been linked to ransomware attacks and cryptocurrency-mining operations, according to Aqua Security, the company behind Trivy. More recently, the group has carried out a systematic series of supply chain attacks, compromising other open-source security projects, according to Palo Alto Networks’ Unit 42.
Unit 42 reported that by targeting developers who hold credentials for critical networks, the cybercriminals “then possess the capacity to hold infiltrated entities hostage, demanding blackmail sums.”