EU cyber agency attributes major data breach to TeamPCP hacking group

Summary

CERT-EU has attributed a major data breach at the European Commission to the hacking group TeamPCP. The attackers exploited a compromised Amazon API key — linked to a Trivy supply‑chain compromise — to access an AWS account hosting the Commission’s Europa.eu platform on 19 March. About 92 gigabytes of compressed data were exfiltrated, including names, email addresses and some email content. The dataset included nearly 52,000 files related to outbound emails (approx. 2.2GB), and data from 42 internal clients and at least 29 EU entities may be affected. The stolen data later appeared on the ShinyHunters dark‑web site; CERT‑EU found no evidence the attackers moved laterally to other AWS accounts, but the compromised API key had management rights that could have allowed that.

Key Points

  • CERT-EU attributes the breach to TeamPCP with high confidence, linking it to the Trivy supply‑chain compromise.
  • Attackers exfiltrated roughly 92GB of compressed data from the Commission’s AWS-hosted Europa.eu platform.
  • Dataset included ~52,000 outbound email files (~2.2GB), plus names, email addresses and some email content.
  • Data belonging to 42 internal clients and at least 29 EU entities may have been exposed.
  • Stolen data surfaced on the ShinyHunters dark‑web site; TeamPCP has ties to other high-profile incidents, including LiteLLM.
  • CERT‑EU detected the breach on 24 March after unusual API use and network activity; no lateral movement has been observed so far.

Why should I read this?

Short version: this is a big deal. If you care about EU policy, cloud security, or supply‑chain risk, you need to know how a poisoned Trivy update and a leaked AWS API key let attackers rifle through Commission data. It shows how supply‑chain flaws cascade into major breaches — and why your cloud credentials and CI/CD tooling deserve attention now, not later.

Source

Source: https://therecord.media/european-commission-cyberattack-teampcp