THE European Commission is investigating a cyber attack on its websites after early findings suggested that some data were taken, with the incident affecting the cloud infrastructure that hosts the Europa[.]eu platform. On 24 March, the Commission discovered the attack and said immediate steps were taken to contain it, with the incident described as contained and its internal systems reportedly unaffected.
CERT-EU’s analysis, published on 2 April, states that initial access was gained through the Trivy supply-chain compromise and attributes this to a threat actor known as TeamPCP; a significant volume of data, about 91.7 GB compressed, was exfiltrated from the compromised AWS account.
As first reported by Politico, ShinyHunters claimed responsibility and said over 350 GB of data were compromised, including mail servers, databases, and confidential documents, though the Commission had not confirmed all of those claims. The data breach led to the public availability of the stolen material on ShinyHunters’ dark web site on 28 March, with data pertaining to at least 29 other Union entities potentially affected, according to CERT-EU.