TeamPCP Hacks European Commission via Poisoned Trivy, Steals 340GB Data

The European Commission suffered a massive data breach after TeamPCP exploited a poisoned version of Trivy to steal AWS API keys.

“The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities”

BleepingComputer

The breach was first detected on March 24 but originated on March 19.

BleepingComputer

Approximately 340 gigabytes of data were exfiltrated, affecting 71 clients of the Europa web hosting service.

The commission's Cybersecurity Operations Center failed to detect the intrusion for five days.

The extortion group ShinyHunters published the stolen dataset on their leak site.

This dual attribution is unusual and complicates response efforts.

Clubic

At least 52,000 files containing sent email messages were included.

The leak contained personal data including names and email addresses.

CERT-EU's investigation revealed multiple advanced techniques used by the attackers.

“The EU Commission’s recent cloud breach has been linked to a supply-chain attack involving the Trivy security tool, with officials warning that data from at least 29 other EU entities may have been exposed”

CyberInsider

The breach originated from a supply chain compromise of Trivy that was inadvertently downloaded by the Commission.

The attackers used TruffleHog to scan for additional secrets and created new access keys to evade detection.

This cascading failure underscores the complexities of securing modern digital environments.