Major Data Breach Strikes European Commission’s Cloud Environment
The cybersecurity division of the European Union has confirmed a major cyberattack targeting the EU’s executive branch, orchestrated by a hacking collective known as TeamPCP. This breach resulted in unauthorized access to confidential details stored within the European Commission’s cloud infrastructure.
Scope and Nature of the Data Compromise
CERT-EU reports that nearly 92 gigabytes of compressed data were extracted from an Amazon Web Services (AWS) account associated with the European Commission. The stolen information included personal details such as names, email addresses, and email content. This attack affected Europa.eu, a platform used by member states to host official websites and publications for various EU institutions and agencies.
The impact extended beyond a single entity; at least 29 other EU bodies may have had their data compromised. Additionally, multiple internal departments within the European Commission are believed to have suffered data theft during this incident.
Unusual Collaboration Between Cybercriminal Groups
A distinctive feature of this breach is the involvement of two separate hacker groups: TeamPCP carried out the initial intrusion while another notorious group called ShinyHunters later published some of the stolen data online. Representatives linked to ShinyHunters acknowledged leaking portions originally obtained by TeamPCP in prior operations.
Methodology Behind Unauthorized Access
The attack began on March 19 when hackers acquired a confidential API key connected to the Commission’s AWS environment. This was enabled through an earlier compromise involving Trivy, a widely used open-source security scanning tool integrated into software development pipelines. The European Commission inadvertently installed a compromised version of Trivy following a supply chain attack, allowing attackers to harvest secret credentials and escalate access into sensitive cloud resources.
Email Communications and Personal Information Exposure
Ongoing investigations by CERT-EU reveal that approximately 52,000 files containing sent emails were leaked online. While many emails consist mainly of automated messages with limited content, those returned due to delivery errors may contain original user-submitted text, raising concerns about potential exposure of private personal information.
Coordinated Response Measures Underway
The cybersecurity agency is actively collaborating with all affected organizations across Europe in response efforts aimed at containment and mitigation. Investigations continue into how deeply attackers penetrated systems and what further vulnerabilities might exist.
Rising Threats from Supply Chain Attacks on Open Source Tools
This incident underscores increasing dangers posed by supply chain attacks targeting open source projects, a tactic favored by cybercriminals like TeamPCP who exploit trust relationships inherent in developer tools for broader infiltration campaigns. Beyond ransomware attacks or illicit cryptocurrency mining previously linked to TeamPCP, recent activities demonstrate systematic compromises focused on critical security utilities relied upon worldwide by developers.
“By seizing keys held within developer environments,” cybersecurity experts explain, “attackers gain extensive control over entire organizational infrastructures.”
A Contemporary Parallel: Lessons from SolarWinds Attack
This event mirrors high-profile breaches such as SolarWinds in 2020, where malicious code embedded into trusted software updates triggered widespread espionage across global government agencies, highlighting how vulnerabilities within supply chains can cascade into massive security failures impacting millions worldwide.
Final Thoughts: Strengthening Defenses Amid Escalating Cyber Risks
The recent breach at one of Europe’s most vital institutions highlights an urgent need for enhanced scrutiny over third-party software dependencies alongside stricter management controls around privileged credentials like API keys within cloud platforms. Security teams must emphasize continuous monitoring paired with swift incident response capabilities, especially given evolving tactics employed by groups such as TeamPCP who combine advanced technical exploits with opportunistic alliances among threat actors like ShinyHunters.
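The intrusion path described under "Methodology Behind Unauthorized Access" and the controls recommended above meet in one pipeline habit: run a third-party tool only if it matches a pinned digest, and never hand it the job's cloud credentials. The Python below is an added example, not code from CERT-EU, the Commission or Trivy; the function names, the marker list and the stand-in scanner script are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import subprocess
import sys
import tempfile

# Assumed policy (not from the page): name fragments that mark a variable as secret.
SECRET_MARKERS = ("AWS_", "TOKEN", "SECRET", "PASSWORD", "API_KEY", "CREDENTIAL")

def sha256_file(path):
    """Stream the file so large binaries are hashed without loading them whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scrubbed_env(env):
    """Return a copy of env without variables whose names look secret-bearing."""
    return {k: v for k, v in env.items()
            if not any(m in k.upper() for m in SECRET_MARKERS)}

def run_pinned_tool(argv, tool_path, pinned_sha256, env=None):
    """Run argv only if tool_path matches the pinned digest, with secrets removed."""
    actual = sha256_file(tool_path)
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise RuntimeError(f"digest mismatch for {tool_path}: got {actual}")
    return subprocess.run(argv, env=scrubbed_env(os.environ if env is None else env),
                          capture_output=True, text=True, check=True)

def demo():
    """Constructed stand-in scanner: a script that lists the AWS_* names it can see."""
    with tempfile.TemporaryDirectory() as tmp:
        tool = os.path.join(tmp, "scanner.py")
        with open(tool, "w") as fh:
            fh.write("import os\nprint([k for k in os.environ if k.startswith('AWS_')])\n")
        pin = sha256_file(tool)  # in a real pipeline the pin is committed with the repo
        env = dict(os.environ, AWS_SECRET_ACCESS_KEY="constructed-placeholder")
        clean = run_pinned_tool([sys.executable, tool], tool, pin, env).stdout.strip()
        with open(tool, "a") as fh:
            fh.write("# tampered\n")  # simulate a swapped release artifact
        try:
            run_pinned_tool([sys.executable, tool], tool, pin, env)
        except RuntimeError:
            return clean, True
        return clean, False

if __name__ == "__main__":
    print(demo())
```

The digest check only helps when the pin comes from a source the attacker did not also control, and the hash-then-run sequence assumes the tool file cannot be rewritten between the two steps.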




