- 920
- 246
The European Commission reported a data breach following a hack of the cloud infrastructure hosting the Europa[.]eu platform's websites. The incident was discovered on March 24, and the attack affected at least one EC AWS account. The ransomware group ShinyHunters claimed responsibility for the incident.
According to the European Commission, the attack did not disrupt the websites, and they continued to function as usual. The organization's internal systems were also unaffected, suggesting good segregation between public web services and the organization's core network.
[td]"Preliminary investigation results indicate that data was stolen from the websites. The Commission is currently notifying the EU agencies that may have been affected by the incident. The investigation into the full scope of the [attack] is ongoing," the official statement reads.[/td]
The European Commission, however, has disclosed virtually no details about the attack: neither the type of data stolen, nor its volume, nor the initial access vector, nor the duration of their presence in the system. Amazon Web Services, for its part, emphasized that the incident was not related to the security of its services.
Representatives of the ShinyHunters group told Bleeping Computer that they stole over 350 GB of data from the European Commission, including several databases, before blocking access. The hackers have not disclosed how they penetrated the system, but they provided journalists with screenshots confirming access to the data of European Commission employees and the organization's email server.
The group has also already added a post about the hack of the European Commission to its darknet website, claiming to have stolen "dumps of email servers, databases, confidential documents, contracts, and other materials." On the website, the hackers published an archive of over 90 GB, presumably obtained from a compromised cloud environment. It's worth noting that this is the second cybersecurity incident for the European Commission in recent times. Earlier this year, a compromise of the mobile device management (MDM) platform was reported , allowing attackers to access employee names and phone numbers. This attack was presumably related to the exploitation of vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), which also affected the Dutch Data Protection Authority and the Finnish government agency Valtori.
According to the European Commission, the attack did not disrupt the websites, and they continued to function as usual. The organization's internal systems were also unaffected, suggesting good segregation between public web services and the organization's core network.
[td]"Preliminary investigation results indicate that data was stolen from the websites. The Commission is currently notifying the EU agencies that may have been affected by the incident. The investigation into the full scope of the [attack] is ongoing," the official statement reads.[/td]
The European Commission, however, has disclosed virtually no details about the attack: neither the type of data stolen, nor its volume, nor the initial access vector, nor the duration of their presence in the system. Amazon Web Services, for its part, emphasized that the incident was not related to the security of its services.
Representatives of the ShinyHunters group told Bleeping Computer that they stole over 350 GB of data from the European Commission, including several databases, before blocking access. The hackers have not disclosed how they penetrated the system, but they provided journalists with screenshots confirming access to the data of European Commission employees and the organization's email server.
The group has also already added a post about the hack of the European Commission to its darknet website, claiming to have stolen "dumps of email servers, databases, confidential documents, contracts, and other materials." On the website, the hackers published an archive of over 90 GB, presumably obtained from a compromised cloud environment. It's worth noting that this is the second cybersecurity incident for the European Commission in recent times. Earlier this year, a compromise of the mobile device management (MDM) platform was reported , allowing attackers to access employee names and phone numbers. This attack was presumably related to the exploitation of vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), which also affected the Dutch Data Protection Authority and the Finnish government agency Valtori.