Europe’s Cyber Agency Blames Hacking Gangs For Massive Data Breach And Leak


The European Union’s cybersecurity agency said Thursday that a recent hack and data breach at the EU’s executive body was the work of a cybercriminal group known as TeamPCP.

In a new report, CERT-EU also reported that the hackers stole about 92 gigabytes of compressed data from a compromised Amazon Web Services (AWS) account used by the bloc’s executive, the European Commission, which included personal data containing names, email addresses, and the contents of emails.

The breach affected the cloud infrastructure of the Commission’s Europa.eu platform, which member states use to host websites and publications of the bloc’s institutions and agencies.

CERT-EU wrote that the data of at least 29 other EU entities may be affected, and that dozens of internal European Commission clients could have had data stolen as well.

The stolen data was then posted online by another hacking group, the notorious ShinyHunters.

While the size of the data breach is itself notable, the hack and subsequent leak of the European Commission’s data by two separate hacking groups highlights a growing trend of cybercriminals working together to extort their victims.

CERT-EU said that the breach originated on March 19 when hackers acquired a secret API key associated with the European Commission’s AWS account, following an earlier hack targeting the open-source security tool Trivy. The Commission inadvertently downloaded a copy of the compromised Trivy tool following the project’s recent breach, allowing the hackers to steal its secret API key and use that access to pivot to get data stored in the Commission’s AWS account.

While the agency said it’s still analyzing the data published online, close to 52,000 files contain sent email messages. CERT-EU said the majority of these emails are automated with little to no content, but emails that bounced back with an error “may contain the original user-submitted content, posing a risk of personal data exposure.”

CERT-EU said it is already in contact with affected organizations.

Contact Us

Do you have more information about this breach? Or other cyberattacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

A spokesperson for the European Commission told TechCrunch that the body is closed until next week, and would respond to a request for comment then.

A member of ShinyHunters did not respond to requests for comment.

Besides the Trivy breach, TeamPCP has been linked to ransomware attacks and crypto-mining campaigns, says Aqua Security, which develops Trivy. The hackers have more recently been behind a systematic campaign of supply chain attacks compromising other open source security projects, according to Palo Alto Networks Unit 42.

By targeting developers with keys to access sensitive systems, the hackers “then have the ability to hold compromised organizations for ransom, demanding extortion payments,” Unit 42 wrote.
