European Union · Amazon · TechCrunch AI
Europe’s cyber agency blames hacking gangs for large data breach and leak
Compiled by KHAO Editorial — aggregated from 1 source. See llms.txt for citation guidance.
◌ Single Source
The European Union’s cybersecurity agency said Thursday that a recent hack and data breach at the EU’s executive body was the work of a cybercriminal group known as TeamPCP.
Key facts
- CERT-EU wrote that the data of at least 29 other EU entities may be affected, and that dozens of internal European Commission clients could have had data stolen as well
- CERT-EU said that the breach originated on March 19 when hackers acquired a secret API key associated with the European Commission’s AWS account, following an earlier hack targeting the open source
- While the service said it’s still analyzing the data published online, close to 52,000 files contain sent email messages
- By targeting developers with keys to access sensitive systems, the hackers “then can hold compromised organizations for ransom, demanding extortion payments,” Unit 42 wrote
Summary
In a new report, CERT-EU also reported that the hackers stole around 92 gigabytes of compressed data from a compromised Amazon Web Services (AWS) account used by the bloc’s executive, the European Commission, which included personal data containing names, email addresses, and the contents of emails. The breach affected the cloud infrastructure of the Commission’s Europa.eu platform, which member states use to host websites and publications of the bloc’s institutions and agencies. CERT-EU wrote that the data of at least 29 other EU entities may be affected, and that dozens of internal European Commission clients could have had data stolen as well. The stolen data was then posted online by another hacking group, the notorious ShinyHunters.