"CERT-EU attributed a major data breach at the European Commission to cybercrime group TeamPCP, which exploited a supply chain attack on the open-source security tool Trivy to steal 92 GB of compressed data from the Commission's AWS infrastructure."
"The breach exposes the fragility of the open-source software supply chain that underpins the security tools governments rely on, as the attack allowed hackers to access the European Commission's cloud infrastructure."
"The dual attribution, one group for the hack and another for the leak, is unusual in cybercrime investigations and suggests a growing ecosystem of specialization among criminal operators."
TeamPCP exploited a supply chain attack on the open-source security tool Trivy, leading to a significant data breach at the European Commission. The breach resulted in the theft of 92 GB of data, including personal information and emails from 71 clients across EU institutions. The data was later published by the ShinyHunters gang. This incident highlights vulnerabilities in the open-source software supply chain that governments depend on for security. The dual attribution of the hack and leak indicates a growing specialization among cybercriminals.
Read at TNW | Eu
Unable to calculate read time
Collection
[
|
...
]