CERT-EU attributes the March breach of the European Commission's Amazon cloud environment to the TeamPCP threat group, which used a compromised AWS API key stolen in the Trivy supply-chain attack to access and exfiltrate data. ShinyHunters published a 90GB archive of stolen files containing names, email addresses, and email content that potentially affects 42 Commission clients and at least 29 other Union entities. #TeamPCP #ShinyHunters
Keypoints
- CERT-EU attributes the Europa.eu cloud breach to the TeamPCP threat group.
- Attackers used a compromised AWS API key stolen in the Trivy supply-chain attack to access the Commission's cloud.
- TeamPCP used TruffleHog to discover additional secrets and attached new access keys to evade detection.
- ShinyHunters published a 90GB leaked archive (≈340GB uncompressed) with tens of thousands of personal files and 51,992 email-related files.
- The breach potentially affects 42 internal Commission clients and at least 29 other Union entities; no websites were taken offline and no lateral movement has been detected so far.
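
For defenders, the key-attachment step in the keypoints can be hunted for in audit logs. The sketch below is an added example, not code from CERT-EU or from the incident: it assumes the new keys would appear as IAM `CreateAccessKey` events in CloudTrail, and it flags those calls when they were signed with a long-term `AKIA` key, then lists later activity by the newly minted key. The function name `find_key_pivots` is hypothetical and the records are constructed.

```python
# Constructed CloudTrail-style records (not from the incident); all IDs are placeholders.
SAMPLE_EVENTS = [
    {"eventTime": "2025-01-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "ci-scanner",
                      "accessKeyId": "AKIAEXAMPLEOLDKEY001"}},
    {"eventTime": "2025-01-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "ci-scanner",
                      "accessKeyId": "AKIAEXAMPLEOLDKEY001"},
     "requestParameters": {"userName": "backup-svc"},
     "responseElements": {"accessKey": {"accessKeyId": "AKIAEXAMPLENEWKEY002",
                                        "userName": "backup-svc"}}},
    {"eventTime": "2025-01-01T10:20:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLESESSION03"},
     "requestParameters": {"userName": "deploy-bot"},
     "responseElements": {"accessKey": {"accessKeyId": "AKIAEXAMPLENEWKEY004",
                                        "userName": "deploy-bot"}}},
    {"eventTime": "2025-01-01T11:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "backup-svc",
                      "accessKeyId": "AKIAEXAMPLENEWKEY002"}},
]

def find_key_pivots(events):
    """Flag CreateAccessKey calls signed with a long-term key, plus later use of the new key."""
    findings, watched = [], {}
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        ident = ev.get("userIdentity", {})
        caller_key = ident.get("accessKeyId", "")
        if caller_key in watched:  # activity by a key minted in a flagged call
            watched[caller_key]["later_use"].append((ev["eventTime"], ev["eventName"]))
        if ev.get("eventSource") != "iam.amazonaws.com" or ev.get("eventName") != "CreateAccessKey":
            continue
        new_key = ((ev.get("responseElements") or {}).get("accessKey") or {})
        if not caller_key.startswith("AKIA") or "accessKeyId" not in new_key:
            continue  # session credentials (ASIA...) or a failed call: out of scope here
        finding = {"time": ev["eventTime"], "caller_key": caller_key,
                   "source_ip": ev.get("sourceIPAddress"),
                   "new_key": new_key["accessKeyId"], "target_user": new_key.get("userName"),
                   "cross_user": new_key.get("userName") != ident.get("userName"),
                   "later_use": []}
        watched[finding["new_key"]] = finding
        findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in find_key_pivots(SAMPLE_EVENTS):
        print(f)
```

A `cross_user` value of `True` marks a key created for a different IAM user than the caller, which is rarely part of normal automation and is worth triaging first.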