Hackers Compromise European Commission by Tampering with Its Security Tool

The European Commission suffered a significant data breach that CERT-EU has attributed to the cybercrime group TeamPCP. The attackers used a compromised release of the open-source vulnerability scanner Trivy as their entry point and extracted 92 GB of compressed data from the Commission's AWS infrastructure. The ShinyHunters gang later leaked that data, which contained emails and personal information relating to up to 71 clients across EU institutions. The incident shows how exposed governments are to the open-source supply chain behind the security tools they run in their own pipelines.

On Thursday, the European Union's computer emergency response team reported that a supply chain attack on an open-source security scanner gave hackers access to the European Commission's cloud infrastructure. The result was the theft and public release of approximately 92 gigabytes of compressed data, including staff personal information and email content from numerous EU institutions.

CERT-EU traced the attack to TeamPCP, a cybercrime group that has spent the past six weeks compromising the defensive tooling of organizations. The notorious ShinyHunters gang subsequently published the data online. This split attribution, with one group responsible for the intrusion and another for the release, is uncommon in cybercrime investigations and points to growing specialization among criminal operators.

The breach began on March 19, when the Commission's automated security pipeline pulled a compromised version of Trivy, an open-source vulnerability scanner maintained by Aqua Security. After an earlier breach of Trivy's GitHub repository in February, credentials were not fully rotated; TeamPCP retained access and used it to inject malicious code into 76 of 77 version tags in the trivy-action repository. Because a workflow that references an action by tag resolves that tag on every run, the pipeline executed the tampered action on its next scan, and the attackers harvested an AWS API key from it, giving them access to the Commission's AWS cloud account.
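A check a pipeline owner can run against the pattern described above, added here as an example and not code from the article, Aqua Security or the Commission: it scans a GitHub Actions workflow for `uses:` references that resolve through a mutable tag or branch instead of a full commit SHA. The workflow text, the placeholder SHA and the tag names are constructed for the example.

```python
import re
from typing import List, Tuple

# Constructed sample workflow, not taken from any real repository. The 40-hex value is a
# placeholder, not a real commit, and the trivy-action tag names are illustrative.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""

# A `uses:` value is <owner>/<repo>[/<path>]@<ref>; YAML quotes around it are optional.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, action, ref) for every remote action whose ref is a tag, a branch
    or missing rather than a full commit SHA. Local (./) and docker:// steps are skipped:
    they are not resolved through GitHub tags, so tag re-pointing does not affect them."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, _, ref = spec.partition("@")
        if not FULL_SHA_RE.match(ref):
            findings.append((line_no, action, ref))
    return findings


if __name__ == "__main__":
    for line_no, action, ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action}@{ref or '<no ref>'} is not pinned to a commit SHA")
```

Pinning to a SHA freezes what the workflow executes, so a re-pointed tag cannot change it; it does not cover anything the action itself downloads at run time, and a pinned SHA still has to be reviewed and bumped deliberately rather than left to drift.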

Once inside, the intrusion unfolded as what Unit 42 at Palo Alto Networks described as a calculated reconnaissance campaign. The attackers ran TruffleHog, a secret-scanning tool, to hunt for additional credentials, then created a new access key for an existing IAM user rather than creating a new user, which keeps the activity below the threshold of the usual alerts. With that key they catalogued IAM users and roles, EC2 instances, Lambda functions, RDS databases, S3 buckets, and Route 53 hosted zones, paid particular attention to ECS clusters, whose task definitions they mapped for direct container access, and bulk-exfiltrated secrets from AWS Secrets Manager.
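Detection logic for the reconnaissance sequence described above, added here as an example and not code from Unit 42, CERT-EU or the Commission. It runs over a small batch of constructed CloudTrail-style records (field names follow CloudTrail's schema; the account ID, ARNs, key IDs and timestamps are placeholders) and flags a principal that starts using an access key minted in the same batch and then enumerates several services, or reads many secrets, inside one time window. The thresholds are illustrative.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import List

# Constructed placeholders: not a real account, user or key.
ACCOUNT = "123456789012"
ATTACKER = f"arn:aws:iam::{ACCOUNT}:user/ci-scanner"
ADMIN = f"arn:aws:iam::{ACCOUNT}:user/ops-admin"
OLD_KEY, NEW_KEY, ADMIN_KEY = "AKIAEXAMPLE00000001", "AKIAEXAMPLE00000002", "AKIAEXAMPLE00000003"


def _event(ts: str, service: str, name: str, key: str, arn: str, response=None) -> dict:
    """Build a record using CloudTrail's field names (eventSource, userIdentity.accessKeyId, ...)."""
    return {"eventTime": ts, "eventSource": f"{service}.amazonaws.com", "eventName": name,
            "userIdentity": {"type": "IAMUser", "arn": arn, "accessKeyId": key},
            "responseElements": response}


def build_sample_events() -> List[dict]:
    """Constructed batch: a key is minted for an existing user, then used for broad
    enumeration and a Secrets Manager dump; a second user does routine work for contrast."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    at = lambda m: (t0 + timedelta(minutes=m)).strftime("%Y-%m-%dT%H:%M:%SZ")
    evs = [_event(at(0), "iam", "CreateAccessKey", OLD_KEY, ATTACKER,
                  {"accessKey": {"accessKeyId": NEW_KEY, "userName": "ci-scanner", "status": "Active"}})]
    recon = [("iam", "ListUsers"), ("iam", "ListRoles"), ("ec2", "DescribeInstances"),
             ("lambda", "ListFunctions"), ("rds", "DescribeDBInstances"), ("s3", "ListBuckets"),
             ("route53", "ListHostedZones"), ("ecs", "ListClusters"), ("ecs", "ListTaskDefinitions"),
             ("ecs", "DescribeTaskDefinition")]
    for i, (svc, name) in enumerate(recon, start=1):
        evs.append(_event(at(i), svc, name, NEW_KEY, ATTACKER))
    evs += [_event(at(12 + i), "secretsmanager", "GetSecretValue", NEW_KEY, ATTACKER) for i in range(12)]
    evs.append(_event(at(5), "ec2", "DescribeInstances", ADMIN_KEY, ADMIN))
    evs.append(_event(at(6), "secretsmanager", "GetSecretValue", ADMIN_KEY, ADMIN))
    return evs


def _ts(e: dict) -> datetime:
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect_recon(events: List[dict], window: timedelta = timedelta(hours=1),
                 enum_services_threshold: int = 5, secrets_threshold: int = 10) -> List[dict]:
    """Return one finding per principal that, within `window`, used an access key minted in
    this batch and enumerated >= enum_services_threshold services, or read >= secrets_threshold
    secrets. Creating a second key for an existing user produces no CreateUser event, so the
    correlation is on the key ID returned in CreateAccessKey's responseElements."""
    events = sorted(events, key=_ts)
    minted = set()  # key IDs that appear in a CreateAccessKey response in this batch
    by_principal = defaultdict(list)
    for e in events:
        if e["eventName"] == "CreateAccessKey" and e.get("responseElements"):
            minted.add(e["responseElements"]["accessKey"]["accessKeyId"])
        by_principal[e["userIdentity"]["arn"]].append(e)
    findings = []
    for arn, evs in by_principal.items():
        best = None
        for i, start in enumerate(evs):  # slide a window over this principal's events
            services, secrets, new_keys = set(), 0, set()
            for e in evs[i:]:
                if _ts(e) - _ts(start) > window:
                    break
                name = e["eventName"]
                if name in ("GetSecretValue", "BatchGetSecretValue"):
                    secrets += 1
                elif name.startswith(("List", "Describe")):
                    services.add(e["eventSource"].split(".")[0])
                if e["userIdentity"]["accessKeyId"] in minted:
                    new_keys.add(e["userIdentity"]["accessKeyId"])
            hit = (bool(new_keys) and len(services) >= enum_services_threshold) or secrets >= secrets_threshold
            if hit and (best is None or
                        (len(services), secrets) > (len(best["enumerated_services"]), best["secrets_read"])):
                best = {"principal": arn, "new_keys_used": sorted(new_keys),
                        "enumerated_services": sorted(services), "secrets_read": secrets}
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for finding in detect_recon(build_sample_events()):
        print(finding)
```

The enumeration threshold counts distinct services rather than raw call volume, because a single noisy but legitimate job (an inventory script, for instance) tends to stay within one or two services; the secrets threshold stands on its own because a burst of GetSecretValue calls is worth a look whatever key issued it.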

The European Commission's Cybersecurity Operations Centre identified suspicious activity on March 24, five days after the compromise, when alerts flagged possible misuse of the Amazon API and an unusual spike in network traffic. The incident was publicly disclosed on March 27. The next day, ShinyHunters leaked the dataset on their dark web site.

The scale of the breach is significant: the stolen data relates to websites hosted for up to 71 clients of the Europa.eu web service, 42 internal European Commission clients and at least 29 other EU entities. CERT-EU verified the dataset, approximately 340 GB uncompressed, which comprises nearly 52,000 files of outbound email communications along with lists of names, usernames, and email addresses. Potentially affected agencies include the European Medicines Agency, the European Banking Authority, ENISA, and Frontex, the EU's border and coast guard agency.

The Trivy compromise was not an isolated case. Between March 19 and 27, TeamPCP mounted what Palo Alto Networks called a systematic campaign against open-source security infrastructure. After Trivy, the group targeted Checkmarx KICS, an infrastructure-as-code scanner, injecting malicious commits into all 35 of its version tags on March 21. It then turned to LiteLLM, an AI gateway tool: BerriAI's CI/CD pipeline ran Trivy for scanning, and the corrupted trivy-action extracted a PyPI publishing token from that pipeline, which let the attackers publish malicious packages to the Python Package Index. Each compromised tool became the path to the next target, producing a cascading supply chain attack that reached well beyond the European Commission.

The incident puts Europe's cybersecurity governance frameworks, built up over years, in an awkward position. The EU's Cybersecurity Regulation, adopted in 2023, was designed to strengthen institutional resilience against exactly this kind of attack. The NIS2 Directive holds board-level executives accountable for cybersecurity failures, with penalties, fines, and the threat of disqualification. Despite this, the Commission's infrastructure was breached through a compromised update to a security scanning tool, a weak point that falls between supply chain controls and runtime protection.

Also tracked as DeadCatx3, PCPcat, and ShellForce, TeamPCP is described by CrowdStrike, Wiz, and SANS as a cloud-native threat actor that exploits misconfigured Docker APIs, Kubernetes clusters, and Redis servers. The group has been linked to ransomware, data theft, and cryptomining campaigns and recently aligned with CipherForce, a ransomware group, to co-publish breach
