EU cyber agency attributes major data breach to TeamPCP hacking group

The European Union’s cybersecurity agency (CERT-EU) said Thursday that the hacking group TeamPCP was behind a massive recent data breach at the European Commission.

CERT-EU said the hackers broke into the bloc’s Amazon Web Services (AWS) account and took about 92 gigabytes of compressed data used by the Commission. The data included names, email addresses and some email content, according to the new report from the agency, which said the breach took place on March 19.

The hack, which relied on the misuse of a secret Amazon API key, involved the Commission’s Europa.eu platform, which lives on AWS cloud infrastructure and is used by EU states to host websites belonging to bloc entities. Data belonging to 42 internal clients and at least 29 EU entities may have been stolen, according to the report.

The dataset contained nearly 52,000 files “related to outbound email communications” totaling 2.2 gigabytes, the report said. CERT-EU believes most of those messages were automated and had little or no content, but in some cases bounceback notifications may pose a risk of personal data exposure.

The Commission’s cyber officials became aware of the breach on March 24 when they received notifications about “potential misuse of Amazon APIs, potential account compromise, and an abnormal increase in network traffic,” according to the report.

CERT-EU believes with high confidence that the hackers initially gained access through the Trivy supply chain compromise, which has been attributed to the hacking group TeamPCP.

The threat actor also gained “management rights” for the compromised AWS API key, which could have “allowed them to move laterally to other AWS accounts belonging to the European Commission,” the report said, adding that there is currently no sign of such movement.

On March 28, the stolen data turned up on the ShinyHunters’ dark web site. The incident is likely the latest example of cybercriminal organizations working together to make money off of hacks.

ShinyHunters claimed to have stolen “data dumps of mail servers, datavases [sic], confidential documents, contracts, and much more sensitive material,” according to CERT-EU.

The researchers believe the hack can be attributed to the Trivy compromise because of its timing, the resources that were targeted and the fact that the Commission was “unwittingly using a compromised version of Trivy during the relevant timeframe, having received it through normal software update channels.”

TeamPCP is also believed to have been behind the recent LiteLLM cyberattack, which affected Mercor and thousands of other organizations, according to a Mercor spokesperson.

The hacking group also has been tied to “worm-driven ransomware, data exfiltration, and cryptomining campaigns,” according to Aqua Security.
