THE European Commission confirmed that hackers stole 340GB of data from its AWS-based Europa hosting environment after an API key was compromised in the Trivy supply chain attack, carried out by the TeamPCP hacking group. The incident occurred on 24 March and was initially disclosed on 27 March, when the EC warned that cloud infrastructure hosting its resources had been breached.
CERT-EU explains that the attackers gained access by using a compromised API key from 19 March, created a new access key for a EC user account, and carried out reconnaissance, exfiltration and attempted lateral movement, including the use of TruffleHog to discover additional secrets.
The exfiltrated data relates to websites hosted for up to 71 clients of the Europa web hosting service, including 42 internal EC clients and at least 29 other Union entities, and includes personal information such as names, email addresses and usernames. The compromised data was added to a Tor-based leak site by ShinyHunters on 28 March, and the EC subsequently revoked the compromised credentials and notified data protection bodies, emphasising that the incident did not affect its internal systems.