European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

The European Commission has confirmed that hackers stole over 300GB of data from an AWS account supporting the Europa.eu hosting service after an API key was compromised in the Trivy supply chain attack. CERT-EU says the TeamPCP group used the compromised key to create new access credentials, run discovery tools, and exfiltrate data affecting sites for 71 clients. The stolen information was later posted by ShinyHunters.

Keypoints

  • Over 300GB of data was exfiltrated from an AWS account backing the Europa.eu hosting service.
  • An API key compromised on March 19 through a malicious Trivy update enabled attacker access.
  • TeamPCP validated credentials, ran tools like TruffleHog for secret discovery, and moved laterally to exfiltrate data for 71 clients.
  • The exfiltrated dataset (about 340GB uncompressed) contains personal information and roughly 2.22GB of automated notifications (51,992 files).
  • The European Commission revoked the compromised keys, rotated credentials, confirmed internal systems were not affected, and notified data protection authorities.

Read More: https://www.securityweek.com/european-commission-confirms-data-breach-linked-to-trivy-supply-chain-attack/