
EU Cyber Agency Attributes Major Data Breach to TeamPCP

The Record

Basically, hackers stole a lot of sensitive data from the European Commission's cloud account.

Quick Summary

A major data breach at the European Commission has been linked to the TeamPCP hacking group. Sensitive data from various EU entities has been exposed, raising serious privacy concerns. Cybersecurity officials are investigating the incident and urging better security practices.

What Happened

The European Union’s cybersecurity agency, CERT-EU, has identified the TeamPCP hacking group as responsible for a significant data breach affecting the European Commission. This breach occurred on March 19, when hackers infiltrated the Commission’s Amazon Web Services (AWS) account, extracting approximately 92 gigabytes of compressed data.

Who's Affected

The breach has impacted 42 internal clients and at least 29 EU entities. The stolen data includes names, email addresses, and some email content, raising concerns about potential exposure of personal information.

What Data Was Exposed

CERT-EU reported that the compromised dataset contained nearly 52,000 files related to outbound email communications, totaling 2.2 gigabytes. Although many of these messages were automated with minimal content, some bounce-back notifications could expose personal data.

How the Breach Occurred

The hackers exploited a secret Amazon API key, which allowed them to gain unauthorized access to the Commission’s AWS account. CERT-EU believes that the initial access was achieved through a Trivy supply chain compromise, attributed to TeamPCP. The Commission was unknowingly using a compromised version of Trivy that it had received through normal software updates.

What You Should Do

Organizations using AWS should review their API key management practices and ensure that they are not vulnerable to similar exploits. Regular audits of software updates and monitoring for unusual network traffic can help detect potential breaches early.
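One way to monitor for the kind of API misuse described here, as an added example that is not from the article or from CERT-EU: it compares recent CloudTrail-style records against a baseline and reports long-term access keys (the `AKIA` prefix) used from a source address the key has not been seen at before, with the S3 bytes sent out. The sample records, key IDs, addresses, function names and the 500 MB threshold are all constructed assumptions.

```python
from collections import defaultdict

def ev(time, name, ip, key, out=0):
    """Build one constructed CloudTrail-style record (field names as in CloudTrail)."""
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"accessKeyId": key},
            "additionalEventData": {"bytesTransferredOut": out}}

# Constructed sample data: keys, IPs (documentation ranges) and sizes are made up.
BASELINE = [
    ev("2025-01-01T08:00:00Z", "GetObject", "198.51.100.10", "AKIAEXAMPLECI0000001", 4096),
    ev("2025-01-02T08:00:00Z", "PutObject", "198.51.100.10", "AKIAEXAMPLECI0000001"),
    ev("2025-01-02T09:00:00Z", "GetObject", "198.51.100.20", "ASIAEXAMPLETEMP00001", 1024),
]
RECENT = [
    ev("2025-01-03T08:00:00Z", "GetObject", "198.51.100.10", "AKIAEXAMPLECI0000001", 4096),
    ev("2025-01-03T23:10:00Z", "ListBuckets", "203.0.113.77", "AKIAEXAMPLECI0000001"),
    ev("2025-01-03T23:12:00Z", "GetObject", "203.0.113.77", "AKIAEXAMPLECI0000001", 900_000_000),
    ev("2025-01-03T23:15:00Z", "GetObject", "203.0.113.77", "AKIAEXAMPLECI0000001", 700_000_000),
    ev("2025-01-03T10:00:00Z", "GetObject", "198.51.100.99", "ASIAEXAMPLETEMP00002", 1024),
]

def known_sources(events):
    """Map each access key ID to the set of source IPs seen in the baseline window."""
    seen = defaultdict(set)
    for e in events:
        seen[e["userIdentity"]["accessKeyId"]].add(e["sourceIPAddress"])
    return seen

def flag_key_misuse(baseline, recent, egress_threshold=500_000_000):
    """Report long-term keys (AKIA) used from a source absent from the baseline.
    A key with no baseline at all is reported for every source it appears from."""
    seen = known_sources(baseline)
    findings = {}
    for e in recent:
        key, ip = e["userIdentity"]["accessKeyId"], e["sourceIPAddress"]
        if not key.startswith("AKIA") or ip in seen.get(key, set()):
            continue  # temporary (ASIA) credentials are out of scope; known source is fine
        f = findings.setdefault((key, ip), {"calls": [], "bytes_out": 0})
        f["calls"].append(e["eventName"])
        f["bytes_out"] += (e.get("additionalEventData") or {}).get("bytesTransferredOut", 0)
    for f in findings.values():
        # Threshold is an assumed value; tune it to the account's normal egress.
        f["severity"] = "high" if f["bytes_out"] >= egress_threshold else "review"
    return findings

if __name__ == "__main__":
    for (key, ip), f in flag_key_misuse(BASELINE, RECENT).items():
        print(key, ip, f["severity"], f["bytes_out"], f["calls"])
```

Every key this reports is a long-term credential, which makes the output a starting list for rotation or replacement with short-lived role credentials.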

Current Status

The breach was discovered on March 24 after the Commission received alerts about potential misuse of Amazon APIs and abnormal network traffic. By March 28, the stolen data appeared on the ShinyHunters dark web site, indicating that cybercriminal organizations are collaborating to monetize these hacks. CERT-EU is currently investigating the situation and monitoring for any lateral movement within the compromised AWS accounts, though no such movement has been detected so far.

Conclusion

This incident highlights the ongoing threat posed by sophisticated hacking groups like TeamPCP. The collaboration among cybercriminals and the exploitation of software vulnerabilities underscore the need for heightened cybersecurity measures across all sectors, especially within government agencies.

🔒 Pro insight: This breach exemplifies the risks of supply chain vulnerabilities; organizations must prioritize secure software management to mitigate such threats.

Original article from The Record
