A recent cyberattack on the European Commission has exposed sensitive data linked to dozens of European Union organizations.

According to the EU’s cybersecurity team, CERT-EU, the breach has been connected to a threat group known as TeamPCP.

The incident first came to light in late March after reports suggested that the European Commission’s Amazon cloud environment had been compromised. The Commission later confirmed the breach and revealed that its internal systems did not detect anything unusual until several days after the attack had already begun.

The attackers reportedly gained access on March 10 by using a stolen Amazon Web Services API key. This key had high-level permissions, allowing them to move across multiple cloud accounts. The key itself is believed to have been stolen during a separate supply chain attack involving a security tool.

After entering the system, the attackers searched for more sensitive credentials using automated tools. They also created new access keys to stay hidden and avoid detection while continuing their activity. During this time, they carried out further exploration and began collecting data from the compromised environment.

TeamPCP is not new to cybercrime. The group has been linked to several attacks targeting developer platforms such as GitHub, NPM, and Docker. In one case, they infected a widely used software package with malware, affecting thousands of devices.

The situation became more serious when a separate group called ShinyHunters released the stolen data on the dark web. The leak included a massive archive of files containing names, email addresses, usernames, and email content. Some of these files were related to automated system messages, but others may include personal information shared by users.


CERT-EU confirmed that the breach could impact up to 71 different clients connected to the EU’s web hosting services. This includes internal departments of the European Commission as well as other Union entities.

Despite the scale of the breach, officials stated that no websites were taken offline and there is no evidence that the attackers moved into other systems. However, the full investigation is still ongoing, and analyzing the leaked data is expected to take time.



Authorities have already informed data protection agencies and are working closely with affected organizations. This incident follows another recent breach involving a mobile device management system used by Commission staff, raising concerns about ongoing cybersecurity challenges within the EU.
