The European Union’s cybersecurity agency said Thursday that a recent hack and data breach on the EU’s executive body was the work of a cybercriminal group known as TeamPCP.
In a new report, CERT-EU also reported that the hackers stole around 92 gigabytes of compressed data from a compromised Amazon Web Services (AWS) account used by the bloc’s executive, the European Commission, which included personal data containing names, email addresses, and the contents of emails.
The breach affected the cloud infrastructure of the Commission’s Europa.eu platform, which member states use to host websites and publications of the bloc’s institutions and agencies.
CERT-EU wrote that the data of at least 29 other EU entities may be affected, and that dozens of internal European Commission clients may have had data stolen as well.
The stolen data was then posted online by another hacking group, the notorious ShinyHunters.
While the size of the data breach is itself notable, the hack and subsequent leak of the European Commission’s data by two separate hacking groups highlights a growing trend of cybercriminals working together to extort their victims.
CERT-EU said that the breach originated on March 19 when hackers acquired a secret API key associated with the European Commission’s AWS account, following an earlier hack targeting the open-source security tool Trivy. The Commission inadvertently downloaded a copy of the compromised Trivy tool following the project’s recent breach, allowing the hackers to steal its secret API key and use that access to pivot to obtain data stored in the Commission’s AWS account.
While the agency said it is still analyzing the data published online, close to 52,000 files contain sent email messages. CERT-EU said the majority of these emails are automated with little to no content, but emails that bounced back with an error “may contain the original user-submitted content, posing a risk of personal data exposure.”
CERT-EU said it is already in contact with affected organizations.
A spokesperson for the European Commission told TechCrunch that the body is closed until next week, and would respond to a request for comment then.
A member of ShinyHunters did not respond to requests for comment.
Aside from the Trivy breach, TeamPCP has been linked to ransomware attacks and crypto-mining campaigns, says Aqua Security, which develops Trivy. The hackers have more recently been behind a systematic campaign of supply chain attacks compromising other open source security projects, according to Palo Alto Networks Unit 42.
By targeting developers with keys to access sensitive systems, the hackers “then have the ability to hold compromised organizations for ransom, demanding extortion payments,” Unit 42 wrote.
