The European Commission suffered a cloud hack attributed to TeamPCP, which leveraged a compromised AWS API key obtained via the Trivy supply-chain attack. The group used TruffleHog for secret discovery and deployed "TeamPCP Cloud Stealer" malware, leading to the exfiltration of 90 GB of data, including personal information and 51,992 email communications (2.22 GB), affecting 42 internal Commission clients and 29 other EU entities. The stolen data was subsequently published by ShinyHunters on a dark web leak site.
Initial Access
Trivy Key Theft
confirmed
TeamPCP compromised an Amazon Web Services API key with management rights through a supply-chain attack targeting the Trivy vulnerability scanner.
Defender cut points
Implement robust supply chain security practices for all third-party tools and dependencies.
Continuously monitor for compromised software dependencies and development tools.