The European Commission is investigating a data breach in which an attacker gained access to a customer environment on Amazon’s cloud infrastructure. Over 350 GB of data is reported to have been stolen, including multiple databases. The attacker is threatening to publish the data online but is not demanding a ransom.
This is according to sources cited by BleepingComputer. At least one account used to manage the cloud infrastructure was compromised in the process. The attack was quickly detected by the Commission’s cybersecurity team, which has now launched an investigation. The exact number of accounts affected has not yet been disclosed.
The threat actor claiming responsibility for the attack contacted BleepingComputer directly. According to the attacker, more than 350 GB of data was stolen, including multiple databases. As proof, screenshots were provided showing that the attacker had access to Commission staff data and to an employee email server.
The attacker stated that they do not intend to demand a ransom but plan to publish the data online at a later date.
Second incident in a short period
This is not the first time the Commission has faced a cyberattack this year. In February, the Commission announced a previous data breach after it was discovered on January 30 that the Mobile Device Management platform for staff devices had been hacked. That incident was addressed within nine hours.
That first incident appears to be linked to a broader wave of attacks targeting European institutions. Attackers exploited code injection vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM).
Update: Techzine has learned that AWS’ cloud infrastructure wasn’t breached. If we hear more about this, we will update the story.