The European Commission, the governing body of the European Union, has acknowledged a significant cyber incident that compromised its cloud system infrastructure. This breach, claimed by cybercriminals to involve the theft of substantial data volumes, has raised concerns over digital security.
Details of the Cyber Intrusion
On Friday, the European Commission issued a statement confirming the cyberattack on its cloud infrastructure, specifically affecting its Europa.eu platform. Despite the breach, the Commission assured that public-facing websites remained operational without disruption.
According to initial findings from the ongoing investigation, data was extracted from these online platforms. The Commission is actively informing relevant EU entities that may have been impacted, continuing to assess the incident’s full scope.
Importantly, the European Commission clarified that its internal networks were not compromised by this cyber intrusion.
Claims by the ShinyHunters Group
Over the weekend, a message posted by the ShinyHunters cyber extortion group alleged the theft of over 350GB of data, which purportedly includes email server data dumps, database records, confidential documents, contracts, and other sensitive information.
Bleeping Computer reported that the attackers specifically targeted the European Commission’s AWS accounts. However, AWS itself stated that there had been no security breaches on their part and that their services functioned as intended.
This suggests the attackers might have exploited a compromised account or a security misconfiguration rather than exploiting a direct vulnerability within AWS products or services.
Context and Previous Incidents
This cyberattack marks the second data breach the European Commission confirmed this year. Earlier in February, CERT-EU revealed an intrusion into the Commission’s IT infrastructure, indicating hackers could have accessed personal details of some staff members.
Such incidents underscore the growing threat landscape faced by major governmental bodies, emphasizing the need for robust cybersecurity measures.
As the investigation continues, the European Commission remains focused on understanding the incident’s ramifications and preventing future breaches.
For more related developments, Poland recently experienced a surge in cyberattacks, including a significant hit to its energy sector, and the EU has been imposing sanctions on firms supporting hacking operations.
