
Europe’s Cyber Agency Blames Hacking Gangs for Breach

Source: TechCrunch Security
Tags: TeamPCP, ShinyHunters, European Commission, AWS, Trivy

Basically, hackers stole and leaked sensitive data from the European Commission.

Quick Summary

A massive data breach at the European Commission has exposed sensitive information. Hacking groups TeamPCP and ShinyHunters are behind the attack. This incident raises serious security concerns for EU entities.

What Happened

The European Union’s cybersecurity agency, CERT-EU, has reported a significant data breach involving the European Commission. The breach was attributed to a cybercriminal group known as TeamPCP, which exploited a compromised Amazon Web Services (AWS) account. Approximately 92 gigabytes of data were stolen, including personal information such as names and email addresses.

Who's Affected

The breach has impacted not only the European Commission but also potentially 29 other EU entities. This wide-reaching effect underscores the vulnerability of governmental bodies to cyberattacks. The stolen data was subsequently leaked online by another hacking group, ShinyHunters, highlighting a troubling trend of collaboration among cybercriminals.

What Data Was Exposed

The compromised data includes sensitive information stored on the Commission’s Europa.eu platform. Among the 52,000 files accessed, many contain sent email messages. While most of these emails are automated and lack significant content, there is a risk that emails with errors may expose original user-submitted content, leading to potential personal data exposure.

What You Should Do

Organizations that may be affected should take immediate steps to assess their security posture. CERT-EU is already in contact with impacted entities to mitigate risks. It's crucial for organizations to review their security protocols, especially regarding the management of API keys and access to sensitive systems.

Technical Details

The breach originated on March 19, when hackers obtained a secret API key linked to the European Commission’s AWS account. This was made possible by the Commission inadvertently downloading a compromised version of the open-source security tool Trivy. The hackers then used that key to pivot and access sensitive data stored in the AWS account.

Defensive Measures

To protect against similar attacks, organizations should:

  • Regularly audit and rotate API keys.
  • Implement multi-factor authentication for sensitive accounts.
  • Monitor for unusual access patterns to cloud services.
  • Educate employees about the risks of downloading compromised software.
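
As an added example (not part of the original article), the key-audit item above can be automated against an AWS IAM credential report, which lists each user's access keys with their rotation and last-use timestamps. The sample report rows and the 90-day and 45-day thresholds are assumptions chosen for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample: a subset of the columns in an AWS IAM credential report.
# Users and dates are made up for illustration.
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci-scanner,true,2023-01-10T00:00:00+00:00,2024-05-30T00:00:00+00:00,false,N/A,N/A
backup-job,true,2024-05-01T00:00:00+00:00,N/A,true,2023-11-02T00:00:00+00:00,2024-01-15T00:00:00+00:00
alice,false,2022-05-05T00:00:00+00:00,N/A,false,N/A,N/A
"""

def parse_ts(value):
    """Return an aware datetime, or None for the report's N/A-style markers."""
    if value in ("", "N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)

def audit_keys(report_csv, now, max_age_days=90, max_idle_days=45):
    """Return (user, key_slot, reason) for every active key needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            prefix = f"access_key_{slot}"
            if row[f"{prefix}_active"] != "true":
                continue  # disabled keys cannot be used to authenticate
            rotated = parse_ts(row[f"{prefix}_last_rotated"])
            used = parse_ts(row[f"{prefix}_last_used_date"])
            if rotated and now - rotated > timedelta(days=max_age_days):
                findings.append((row["user"], slot, "overdue-rotation"))
            if used is None:
                findings.append((row["user"], slot, "active-but-never-used"))
            elif now - used > timedelta(days=max_idle_days):
                findings.append((row["user"], slot, "idle"))
    return findings

if __name__ == "__main__":
    as_of = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for user, slot, reason in audit_keys(SAMPLE_REPORT, as_of):
        print(f"{user}: access key {slot}: {reason}")
```

Active keys that have never been used, or that have sat idle, are candidates for deletion rather than rotation, since a key that does not exist cannot be stolen from a build host.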

This incident serves as a stark reminder of the evolving tactics used by cybercriminals and the importance of robust cybersecurity measures.

🔒 Pro insight: The collaboration between TeamPCP and ShinyHunters indicates a dangerous trend in cybercrime, necessitating enhanced inter-agency cooperation.

Original article from TechCrunch Security, by Lorenzo Franceschi-Bicchierai
