The European Union’s cybersecurity agency (CERT-EU) said Thursday that the hacking group TeamPCP was behind an enormous recent data breach at the European Commission.
CERT-EU said the hackers broke into the bloc’s Amazon Web Services (AWS) account and took about 92 gigabytes of compressed data used by the Commission. The data included names, email addresses and some email content, according to the new report from the agency, which said the breach took place on March 19.
The hack, which relied on the misuse of a secret Amazon API key, involved the Commission’s Europa.eu platform, which lives on AWS cloud infrastructure and is used by EU states to host websites belonging to bloc entities. Data belonging to 42 internal clients and at least 29 EU entities may have been stolen, according to the report.
The dataset contained at least nearly 52,000 records “related to outbound email communications” totaling 2.2 gigabytes, the report said. CERT-EU believes most of those messages were automated and had little or no content, but in some cases bounceback notifications could pose a risk of personal data exposure.
The Commission’s cyber officials became aware of the breach on March 24 after they received notifications about “potential misuse of Amazon APIs, potential account compromise, and an irregular increase in network traffic,” according to the report.
CERT-EU believes with high confidence that the hackers initially gained access through the Trivy supply chain compromise, which has been attributed to the hacking group TeamPCP.
The threat actor also gained “administration rights” for the compromised AWS API key, which might have “allowed them to move laterally to other AWS accounts belonging to the European Commission,” the report said, adding that there is currently no sign of such movement.
On March 28, the stolen data turned up on the ShinyHunters’ dark web site. The incident is likely the latest example of cybercriminal organizations working together to make money off of hacks.
ShinyHunters claimed to have stolen “data dumps of mail servers, datavases [sic], confidential documents, contracts, and way more sensitive material,” according to CERT-EU.
The researchers believe the hack can be attributed to the Trivy compromise because of its timing, the resources that were targeted and the fact that the Commission was “unwittingly using a compromised version of Trivy during the relevant timeframe, having obtained it through regular software update channels.”
TeamPCP is also believed to have been behind the recent LiteLLM cyberattack, which affected Mercor and thousands of other organizations, according to a Mercor spokesperson.
The hacking group also has been tied to “worm-driven ransomware, data exfiltration, and cryptomining campaigns,” according to Aqua Security.