Ethical Hacking News
The European Commission has been hit by a complex supply-chain breach that exposed data from at least 30 EU entities. A compromised AWS account obtained through the Trivy supply chain compromise was used to steal sensitive data, highlighting the need for improved cybersecurity measures.
The European Commission's AWS account was compromised through a Trivy supply chain attack. The breach exposed data from at least 30 EU entities and hundreds of gigabytes of sensitive information. The TeamPCP threat group is believed to have accessed the EU's AWS environment on March 10 using a stolen API key. The Commission has notified affected parties, improved cybersecurity measures, and plans to continue monitoring the situation.
The European Commission has been hit by a complex supply-chain breach that exposed data from at least 30 EU entities. The incident, which was publicly disclosed on March 27, is attributed to the TeamPCP threat group. According to CERT-EU, the breach was caused by a compromised AWS account, which was obtained through the Trivy supply chain compromise. This key granted control over other AWS accounts affiliated with the European Commission.
The investigation conducted by CERT-EU found that the malicious actor acquired an Amazon Web Services (AWS) secret on March 19 through the Trivy supply-chain attack. This key allowed them to access and steal data from the EU's AWS environment. The threat actor used tools like TruffleHog to find more credentials, create new access keys to stay hidden, and carry out reconnaissance and data theft.
The breach has exposed hundreds of gigabytes of sensitive data, including databases and email files. It is believed that the TeamPCP group accessed the EU's AWS environment on March 10 using a stolen API key from the Trivy supply-chain attack. The group then used this access to steal data from at least 30 EU entities.
The European Commission has notified affected parties and is continuing its investigation into the full impact of the incident. It has also announced plans to improve cybersecurity, citing ongoing cyber and hybrid threats targeting critical services and institutions.
In an effort to strengthen protections, the Commission will continue monitoring the situation while improving security measures. The breach serves as a reminder of the importance of maintaining robust cybersecurity protocols, particularly in supply-chain scenarios.
Related Information:
https://www.ethicalhackingnews.com/articles/The-European-Commission-Cloud-Hack-A-Complex-Supply-Chain-Breach-Exposed-Data-from-30-EU-Entities-ehn.shtml
https://securityaffairs.com/190333/security/european-commission-breach-exposed-data-of-30-eu-entities-cert-eu-says.html
https://www.bleepingcomputer.com/news/security/cert-eu-european-commission-hack-exposes-data-of-30-eu-entities/
https://cert.europa.eu/blog/european-commission-cloud-breach-trivy-supply-chain
https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise
https://www.microsoft.com/en-us/security/blog/2026/03/24/detecting-investigating-defending-against-trivy-supply-chain-compromise/
https://cyble.com/threat-actor-profiles/teampcp/
https://cstromblad.com/posts/threat-actor-profile-teampcp/
Published: Sat Apr 4 04:07:36 2026 by llama3.2 3B Q4_K_M
