HomeTechnology"EU Cyber Breach: TeamPCP Hacks AWS, ShinyHunters Leak Data"

“EU Cyber Breach: TeamPCP Hacks AWS, ShinyHunters Leak Data”

-

The cybersecurity agency of the European Union, CERT-EU, revealed on April 2 that a recent cyber assault on the EU’s administrative body was orchestrated by a hacking group known as TeamPCP. The breach impacted the European Commission’s public website “europa.eu,” which is hosted on the cloud infrastructure of Amazon Web Services (AWS). According to CERT-EU’s report on the incident, the hackers managed to extract around 92 gigabytes (GB) of compressed data from a compromised cloud account on AWS. This data included names, email addresses, and the contents of email communications.

CERT-EU recently stated that on March 28, a group called ShinyHunters, known for data extortion, released the stolen dataset on their dark web leak site. They claimed to have acquired ‘data dumps of mail servers, databases, confidential documents, contracts, and other sensitive materials.’ The dataset published was approximately 91.7 GB compressed (340 GB uncompressed).

The cybersecurity agency indicated that the breach could have impacted at least 29 other EU entities and numerous internal Commission clients whose data might have been accessed. The stolen information was subsequently made public by another hacking group, ShinyHunters.

According to CERT-EU, the breach commenced on March 19 when the attackers acquired a confidential application programming interface (API) key associated with the Commission’s cloud account. This incident followed a previous breach involving Trivy, a popular open-source security scanning tool.

The Commission inadvertently downloaded a compromised version of Trivy after the tool was breached, enabling the attackers to seize the secret key and utilize it to access sensitive data stored in the Commission’s cloud environment.

CERT-EU mentioned that ongoing analysis of the leaked data is in progress. They highlighted, “The dataset includes a minimum of 51,992 files related to outbound email communications, amounting to 2.22 GB. Most of these files are automated notifications with minimal content. Nevertheless, ‘bounce-back’ notifications, which are replies to incoming messages from users, may contain the original user-submitted content, potentially exposing personal data.”

The agency confirmed that it is actively engaging with potentially affected organizations regarding the breach.

LATEST POSTS

“Canadian Artist Dana Wyse Challenges Belief in Quick Fixes”

In Bangladesh this January, Canadian artist Dana Wyse showcased her unique art project, "Jesus Had a Sister Productions," by presenting small plastic packets containing colorful...

“India Advises Citizens to Leave Iran Amid US Strike Concerns”

India's Ministry of External Affairs advised its citizens on Monday to depart from Iran due to concerns over a potential US strike on Tehran. The...

“Container Terminal in Bangladesh Quadruples Storage Fees for LCL Shipments”

The Patenga Container Terminal operator has increased storage fees by four times for less-than-container-load (LCL) shipments exceeding the free storage period at its container freight...

“Legacy of Prof Abul Quasem Fazlul Haq: Champion of Justice and Education”

Renowned for his dedication to social justice and Bangladeshi culture, Prof Abul Quasem Fazlul Haq was a prominent figure who inspired many. His influence extended...

LATEST ARTICLES