"The European Commission was unwittingly using a compromised version of Trivy during the relevant timeframe, having received it through normal software update channels."
"This key granted control over other AWS accounts affiliated with the European Commission. On the same day, the threat actor attempted to discover additional secrets by launching TruffleHog, a tool commonly used for scanning secrets and validating AWS credentials."
"The threat actor used the compromised AWS secret to exfiltrate data from the affected cloud environment. The exfiltrated data relates to websites hosted for up to 71 clients of the Europa web hosting service."
On March 24, hackers accessed the European Commission's AWS environment, stealing over 300GB of data. The breach was linked to a compromised API key from the Trivy vulnerability scanner, which was unknowingly used by the EC. CERT-EU reported that the attackers created a new access key and conducted reconnaissance, gaining control over other AWS accounts. The stolen data included information from 71 clients of the Europa web hosting service, comprising both internal EC clients and other EU entities.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]