EU blames cybercriminal group for cloud data breach
What's the story
The European Union's cybersecurity agency, CERT-EU, has blamed a cybercriminal group called TeamPCP for a major data breach. The attack targeted the EU's executive body and resulted in the theft of some 92GB of compressed data. The stolen information was taken from an Amazon Web Services (AWS) account used by the European Commission and included personal details such as names, email addresses, and email content.
Platform compromised
Breach impacted cloud infrastructure of Europa.eu platform
The data breach impacted the cloud infrastructure of the Commission's Europa.eu platform, which is used by member states to host websites and publications of EU institutions and agencies. CERT-EU warned that data from at least 29 other EU entities could be affected. Dozens of internal European Commission clients may also have had their data stolen in this incident.
Data leak
Stolen data later published online by another hacking group
The stolen data was later published online by another hacking group, ShinyHunters. CERT-EU revealed that the breach took place on March 19, when hackers obtained a secret API key linked to the European Commission's AWS account. The key was obtained through an earlier attack on the open-source security tool Trivy: following that recent compromise, the Commission had unknowingly downloaded the tampered tool.
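The chain described above, a long-lived AWS key taken from a compromised tool and then used to pull data in bulk, is the kind of activity CloudTrail records expose. The following Python is an added example, not code from CERT-EU, the Commission or this article: it runs two checks over constructed CloudTrail-shaped records, flagging an access key used from an IP outside its baseline and a burst of S3 reads from one key. Every key ID, IP address and timestamp is invented.

```python
from collections import defaultdict
from datetime import datetime, timedelta

S3_READS = {"GetObject", "ListObjects", "ListBuckets"}

def _event(time, source, name, ip, key):
    """Build a minimal CloudTrail-shaped record (only the fields the detector reads)."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip, "userIdentity": {"accessKeyId": key}}

# Constructed sample: a CI key normally runs image scans from runner IP 203.0.113.10;
# later the same key enumerates and pulls objects from 198.51.100.77 in a tight burst,
# the pattern a stolen key leaves behind. All values are invented for illustration.
CI_KEY = "AKIAEXAMPLECI01"
SAMPLE_EVENTS = [
    _event("2026-03-19T08:00:00Z", "ecr.amazonaws.com", "GetAuthorizationToken",
           "203.0.113.10", CI_KEY),
    _event("2026-03-19T08:00:05Z", "s3.amazonaws.com", "GetObject",
           "203.0.113.10", CI_KEY),
] + [
    _event(f"2026-03-19T21:30:{i:02d}Z", "s3.amazonaws.com",
           "ListObjects" if i == 0 else "GetObject", "198.51.100.77", CI_KEY)
    for i in range(25)
]

def flag_suspicious_key_use(events, known_ips, bulk_threshold=20,
                            window=timedelta(minutes=10)):
    """Return {accessKeyId: [reasons]} for keys used from an IP outside their
    baseline or issuing >= bulk_threshold S3 reads inside one sliding window."""
    findings = defaultdict(list)
    recent_reads = defaultdict(list)  # key -> timestamps of S3 reads in the window
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        key, ip = ev["userIdentity"].get("accessKeyId"), ev["sourceIPAddress"]
        if key in known_ips and ip not in known_ips[key]:
            reason = f"used from unexpected IP {ip}"
            if reason not in findings[key]:
                findings[key].append(reason)
        if ev["eventSource"] == "s3.amazonaws.com" and ev["eventName"] in S3_READS:
            now = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            reads = recent_reads[key]
            reads.append(now)
            while now - reads[0] > window:  # drop reads that fell out of the window
                reads.pop(0)
            if len(reads) >= bulk_threshold and "bulk S3 read burst" not in findings[key]:
                findings[key].append("bulk S3 read burst")
    return dict(findings)

if __name__ == "__main__":
    print(flag_suspicious_key_use(SAMPLE_EVENTS, {CI_KEY: {"203.0.113.10"}}))
```

The baseline of expected IPs per key is the part a real deployment has to maintain; a key that should never leave a CI runner is a natural candidate for such a baseline.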
Risk assessment
CERT-EU still analyzing the data published online
CERT-EU is still analyzing the data published online, which includes nearly 52,000 files containing sent email messages. While most of these emails are automated and carry little to no content, some bounced-back emails may contain the original user-submitted content, posing a risk of personal data exposure. The agency has already reached out to affected organizations regarding this potential breach.
Previous attacks
TeamPCP also tied to ransomware attacks and crypto-mining campaigns
Along with the Trivy breach, TeamPCP has also been tied to ransomware attacks and crypto-mining campaigns. They have recently launched a systematic campaign of supply chain attacks targeting other open-source security projects. By targeting developers with keys to access sensitive systems, these hackers can hold compromised organizations for ransom and demand extortion payments, according to Palo Alto Networks Unit 42.