\n<\/p>\n
The European Union\u2019s cybersecurity agency said Thursday that a recent hack and data breach at the EU\u2019s executive body<\/a> was the work of a cybercriminal group known as TeamPCP.\u00a0<\/p>\n In a new report<\/a>, CERT-EU also reported that the hackers stole around 92 gigabytes of compressed data from a compromised Amazon Web Services (AWS) account used by the bloc\u2019s executive, the European Commission, which included personal data containing names, email addresses, and the contents of emails.\u00a0<\/p>\n The breach affected the cloud infrastructure of the Commission\u2019s Europa.eu platform, which member states use to host websites and publications of the bloc\u2019s institutions and agencies.<\/p>\n CERT-EU wrote that the data of at least 29 other EU entities may be affected, and that dozens of internal European Commission clients could have had data stolen as well.\u00a0<\/p>\n The stolen data was then posted online by another hacking group, the notorious ShinyHunters.\u00a0<\/p>\n While the size of the data breach is itself notable, the hack and subsequent leak of the European Commission\u2019s data by two separate hacking groups highlights a growing trend of cybercriminals working together to extort their victims.<\/p>\n CERT-EU said that the breach originated on March 19 when hackers acquired a secret API key associated with the European Commission\u2019s AWS account, following an earlier hack targeting the open source security tool Trivy<\/a>. The Commission inadvertently downloaded a copy of the compromised Trivy tool following the project\u2019s recent breach, allowing the hackers to steal its secret API key and use that access to pivot to obtain data stored in the Commission\u2019s AWS account.<\/p>\n While the service said it\u2019s still analyzing the data published online, close to 52,000 files contain sent email messages. CERT-EU said the majority of these emails are automated with little to no content, but emails that bounced back with an error \u201cmay contain the original user-submitted content, posing a risk of personal data exposure.\u201d<\/p>\n CERT-EU said it is already in contact with affected organizations.\u00a0<\/p>\n \t\t\tDo you have more information about this breach? Or other cyberattacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email<\/a>.<\/a>\t\t<\/div>\n A spokesperson for the European Commission told TechCrunch that the body is closed until next week, and would respond to a request for comment then.\u00a0<\/p>\n A member of ShinyHunters did not respond to requests for comment.\u00a0<\/p>\n Besides the Trivy breach, TeamPCP has been linked to ransomware attacks and crypto-mining campaigns, says Aqua Security<\/a>, which develops Trivy. The hackers have more recently been behind a systematic campaign of supply chain attacks compromising other open source security projects, according to Palo Alto Networks Unit 42<\/a>.<\/p>\n By targeting developers with keys to access sensitive systems, the hackers \u201cthen have the ability to hold compromised organizations for ransom, demanding extortion payments,\u201d Unit 42 wrote.<\/p>\n<\/div>\nContact Us<\/h4>\n