Europe’s cyber agency blames hacking gangs for large data breach and leak



The European Union’s cybersecurity agency said Thursday that a recent hack and data breach on the EU’s executive body was the work of a cybercriminal group known as TeamPCP.

In a new report, CERT-EU also said that the hackers stole around 92 gigabytes of compressed data from a compromised Amazon Web Services (AWS) account used by the bloc’s executive, the European Commission, which included personal data containing names, email addresses, and the contents of emails.

The breach affected the cloud infrastructure of the Commission’s Europa.eu platform, which member states use to host websites and publications of the bloc’s institutions and agencies.

CERT-EU wrote that the data of at least 29 other EU entities may be affected, and that dozens of internal European Commission clients may have had data stolen as well.

The stolen data was then posted online by another hacking group, the notorious ShinyHunters.

While the size of the data breach is itself notable, the hack and subsequent leak of the European Commission’s data by two separate hacking groups highlights a growing trend of cybercriminals working together to extort their victims.

CERT-EU said that the breach originated on March 19 when hackers acquired a secret API key associated with the European Commission’s AWS account, following an earlier hack targeting the open source security tool Trivy. The Commission inadvertently downloaded a copy of the compromised Trivy tool following the project’s recent breach, allowing the hackers to steal its secret API key and use that access to pivot to obtain data stored in the Commission’s AWS account.

While the agency said it is still analyzing the data published online, close to 52,000 files contain sent email messages. CERT-EU said the majority of these emails are automated with little to no content, but emails that bounced back with an error “may contain the original user-submitted content, posing a risk of personal data exposure.”

CERT-EU said it is already in contact with affected organizations.

Contact Us

Do you have more information about this breach? Or other cyberattacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

A spokesperson for the European Commission told TechCrunch that the body is closed until next week, and would respond to a request for comment then.

A member of ShinyHunters did not respond to requests for comment.

Besides the Trivy breach, TeamPCP has been linked to ransomware attacks and crypto-mining campaigns, says Aqua Security, which develops Trivy. The hackers have more recently been behind a systematic campaign of supply chain attacks compromising other open source security projects, according to Palo Alto Networks Unit 42.

By targeting developers with keys to access sensitive systems, the hackers “then have the ability to hold compromised organizations for ransom, demanding extortion payments,” Unit 42 wrote.
