The EU’s AWS “Master Key”: How a Compromised Trivy Update Leaked 340GB of Data

In March the European Commission’s public europa.eu platform was compromised after a supply‑chain attack on the Trivy security tool—attributed to threat actor TeamPCP—allowed attackers to steal an AWS API key and move laterally across affiliated accounts. The extortion group ShinyHunters published roughly 91.7 GB compressed (340 GB raw) of stolen data including mail servers, databases, contracts and personal emails, prompting key revocations and CERT-EU guidance to rotate secrets and secure CI/CD pipelines.

Key points

  • A compromised Trivy update provided initial access to the attackers.
  • TeamPCP used a stolen AWS API key to access multiple EU‑affiliated AWS accounts.
  • ShinyHunters published about 91.7 GB compressed (340 GB raw) of sensitive Commission and related Union entity data.
  • Exfiltrated content includes mail servers, databases, contracts, and personal names and email addresses affecting at least 29 other entities.
  • CERT-EU advises pinning CI/CD actions, updating Trivy, rotating AWS secrets, and monitoring for anomalous CI/CD activity.

Read More: https://securityonline.info/european-commission-trivy-supply-chain-attack-aws-leak/