The European Commission cloud breach began when a compromised Trivy update and a single AWS credential allowed an attacker to access cloud resources and move laterally without triggering obvious outages. Approximately 91.7 GB of compressed data was exfiltrated and published by ShinyHunters, affecting dozens of europa.eu clients and prompting rapid remediation and notifications. #Trivy #ShinyHunters
Keypoints
- A supply-chain compromise of the Trivy security scanner delivered a malicious update into the Commission's environment.
- An AWS API key with management-level permissions was obtained on March 19 and used to access cloud resources.
- Attackers exfiltrated about 91.7 GB compressed (≈340 GB uncompressed) of data, which was later published by ShinyHunters.
- Shared europa.eu infrastructure meant data for up to 71 clients, including 42 European Commission services and 29 other Union entities, was exposed.
- The Commission revoked keys, secured accounts, notified regulators and affected clients, and continues investigating exposed databases.
Read More: https://thecyberexpress.com/european-commission-cloud-breach/