EU cyber agency attributes major data breach to TeamPCP hacking group
The Record from Recorded Future News
Suzanne Smalley
April 3rd, 2026

The European Union’s cybersecurity agency (CERT-EU) said Thursday that the hacking group TeamPCP was behind a massive recent data breach at the European Commission.

CERT-EU said the hackers broke into the bloc’s Amazon Web Services (AWS) account and took about 92 gigabytes of compressed data used by the Commission. The data included names, email addresses and some email content, according to the new report from the agency, which said the breach took place on March 19.

The hack, which relied on the misuse of a secret Amazon API key, involved the Commission’s Europa.eu platform, which lives on AWS cloud infrastructure and is used by EU states to host websites belonging to bloc entities. Data belonging to 42 internal clients and at least 29 EU entities may have been stolen, according to the report.

The dataset contained at least nearly 52,000 files “related to outbound email communications” totaling 2.2 gigabytes, the report said. CERT-EU believes most of those messages were automated and had little or no content, but in some cases bounceback notifications may pose a risk of personal data exposure.

The Commission’s cyber officials became aware of the breach on March 24 when they received notifications about “potential misuse of Amazon APIs, potential account compromise, and an abnormal increase in network traffic,” according to the report.

CERT-EU believes with high confidence that the hackers initially gained access through the Trivy supply chain compromise, which has been attributed to the hacking group TeamPCP.

The threat actor also gained “management rights” for the compromised AWS API key, which could have “allowed them to move laterally to other AWS accounts belonging to the European Commission,” the report said, adding that there is currently no sign of such movement.

On March 28, the stolen data turned up on the ShinyHunters’ dark web site. The incident is likely the latest example of cybercriminal organizations working together to make money off of hacks. ShinyHunters claimed to have stolen “data dumps of mail servers, datavases [sic], confidential documents, contracts, and much more sensitive material,” according to CERT-EU.

The researchers believe the hack can be attributed to the Trivy compromise because of its timing, the resources that were targeted and the fact that the Commission was “unwittingly using a compromised version of Trivy during the relevant timeframe, having received it through normal software update channels.”

TeamPCP is also believed to have been behind the recent LiteLLM cyberattack, which affected Mercor and thousands of other organizations, according to a Mercor spokesperson. The hacking group also has been tied to “worm-driven ransomware, data exfiltration, and cryptomining campaigns,” according to Aqua Security.

Suzanne Smalley is a reporter covering digital privacy, surveillance technologies and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.