EU Data Leak Exposed: European Commission Suffers Major Cyber Attack

Post Views: 7

European Commission Hack Exposes Data of 30 EU Entities

A recent cyberattack attributed to the TeamPCP threat group has resulted in the exposure of sensitive data belonging to the European Commission and at least 29 other Union entities.

The Breach Details

The breach occurred when TeamPCP compromised an Amazon Web Services (AWS) API key with management privileges over other European Commission AWS accounts, allowing them to gain unauthorized access to the organization’s cloud environment.

Methodology Used by Threat Actors

According to CERT-EU, “The threat actor used the compromised AWS secret to exfiltrate data from the affected cloud environment.”

The team then used TruffleHog to scan and validate cloud credentials, creating a new access key and attaching it to an existing user account to evade detection, before conducting further reconnaissance and stealing sensitive data.

Data Stolen in the Breach

Data stolen in the breach includes personal information, usernames, addresses, and content, which was leaked on the dark web by ShinyHunters. The stolen dataset consists of approximately 90GB of compressed data, containing over 340GB of uncompressed files.

Personal information, such as names, last names, usernames, and addresses
Tens of thousands of files containing sensitive information
Outbound communications, totaling 2.22GB

No websites were taken offline as a result of this incident or tampered with, and no lateral movement to other Commission AWS accounts has been detected. While the analysis of exfiltrated databases and files is ongoing and will likely require “a considerable amount of time,” the Commission has notified relevant data protection authorities and is in direct communication with affected entities.