The European Union's cybersecurity agency CERT-EU confirmed that cybercriminal group TeamPCP was responsible for a massive data breach affecting the European Commission's cloud infrastructure. The hackers stole approximately 92 gigabytes of compressed data from a compromised Amazon Web Services account, including personal information, email addresses, and email contents of EU officials.
The breach originated on March 19th when attackers acquired secret API keys from the Commission's AWS account through a supply chain attack involving the compromised open-source security tool Trivy. The Commission inadvertently downloaded the compromised Trivy tool, allowing hackers to steal API credentials and pivot to access stored data in the Commission's AWS environment.
The incident affected the Europa.eu platform used by member states to host official EU websites and publications. Close to 52,000 files containing email messages were compromised, with bounced emails potentially exposing original user-submitted content. The notorious ShinyHunters gang was separately blamed for leaking portions of the stolen data online, making this a complex multi-group cybercriminal operation targeting critical EU infrastructure.
