The European Commission was breached after hackers compromised the open-source security tool Trivy.
CERT-EU has linked a significant data breach at the European Commission to the cybercrime group TeamPCP, which used a supply chain attack on the open-source security tool Trivy to steal 92 GB of compressed data from the Commission’s AWS infrastructure. The infamous ShinyHunters gang later published the data, which contained emails and personal information from up to 71 clients across EU institutions. The breach shows how exposed the open-source software supply chain behind government security tooling is.
On Thursday, the European Union's computer emergency response team announced that a supply chain attack on an open-source security scanner gave hackers access to the European Commission's cloud infrastructure, leading to the theft and public exposure of around 92 gigabytes of compressed data, including personal information and email contents from staff across numerous EU institutions.
CERT-EU attributed the breach to TeamPCP, which has been methodically compromising security tools used by organizations for the past six weeks. The data was later leaked online by ShinyHunters, a well-known extortion gang responsible for various breaches, including those at Ticketmaster and AT&T. The dual attribution—one group for the hack, another for the leak—marks an unusual trend in cybercrime investigations, indicating a developing ecosystem of specialization among criminals.
The incident began on March 19 when the European Commission inadvertently downloaded a tampered version of Trivy, a widely utilized open-source vulnerability scanner maintained by Aqua Security. TeamPCP exploited incomplete credential rotation from a previous breach of Trivy’s GitHub repository in late February, maintaining residual access to inject malicious code into 76 of 77 version tags in the trivy-action repository. When the Commission’s automated security pipeline downloaded the infected update, malware captured an AWS API key that provided the attackers access to the Commission’s cloud account on Amazon Web Services.
The intrusion then progressed through what Unit 42 at Palo Alto Networks described as a thorough reconnaissance campaign. The attackers ran TruffleHog, a secrets-scanning tool, to locate further credentials. To avoid detection they created a new access key attached to an existing IAM user, then enumerated IAM users and roles, EC2 instances, Lambda functions, RDS databases, S3 buckets, and Route 53 hosted zones. They concentrated on ECS clusters, mapping task definitions to identify containers they could access directly, and exfiltrated data extensively from AWS Secrets Manager.
The European Commission’s Cybersecurity Operations Centre did not notice the unusual activity until March 24, five days post-compromise, when alerts indicated potential misuse of Amazon APIs and an unusual surge in network traffic. The Commission made the incident public on March 27, and the following day, ShinyHunters published the dataset on their dark web leak site.
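The chain described in the two paragraphs above (a new access key minted on an existing user, broad enumeration across services, a burst of Secrets Manager reads) is a pattern a cloud SOC can alert on well before five days have passed. The following detector is an added example, not code from the article, CERT-EU or any vendor it cites; it runs over constructed, flattened CloudTrail-style records, and every key id, username and timestamp in it is made up.

```python
from datetime import datetime, timedelta

# Constructed, flattened CloudTrail-style records (not logs from the actual incident).
# Real CloudTrail nests accessKeyId under userIdentity and the new key under responseElements.
def _ev(time, source, name, key, user, new_key=None):
    return {"eventTime": time, "eventSource": f"{source}.amazonaws.com", "eventName": name,
            "accessKeyId": key, "userName": user, "newAccessKeyId": new_key}

SAMPLE_EVENTS = [
    _ev("2026-03-19T10:00:00Z", "sts", "GetCallerIdentity", "AKIAPIPELINE0000001", "ci-scanner"),
    _ev("2026-03-19T10:02:00Z", "iam", "CreateAccessKey", "AKIAPIPELINE0000001", "ci-scanner", "AKIANEWKEY000000001"),
    _ev("2026-03-19T10:05:00Z", "iam", "ListUsers", "AKIANEWKEY000000001", "ci-scanner"),
    _ev("2026-03-19T10:06:00Z", "ec2", "DescribeInstances", "AKIANEWKEY000000001", "ci-scanner"),
    _ev("2026-03-19T10:07:00Z", "lambda", "ListFunctions20150331", "AKIANEWKEY000000001", "ci-scanner"),
    _ev("2026-03-19T10:08:00Z", "ecs", "DescribeTaskDefinition", "AKIANEWKEY000000001", "ci-scanner"),
    _ev("2026-03-19T10:10:00Z", "secretsmanager", "GetSecretValue", "AKIANEWKEY000000001", "ci-scanner"),
    _ev("2026-03-19T10:10:05Z", "secretsmanager", "GetSecretValue", "AKIANEWKEY000000001", "ci-scanner"),
    _ev("2026-03-19T10:10:10Z", "secretsmanager", "GetSecretValue", "AKIANEWKEY000000001", "ci-scanner"),
    # Benign control: an admin rotates her own key and only lists S3 buckets with it.
    _ev("2026-03-19T11:00:00Z", "iam", "CreateAccessKey", "AKIAADMIN0000000001", "alice", "AKIAADMIN0000000002"),
    _ev("2026-03-19T11:01:00Z", "s3", "ListBuckets", "AKIAADMIN0000000002", "alice"),
]

ENUM_PREFIXES = ("List", "Describe")   # read-only enumeration calls
WINDOW = timedelta(hours=1)            # how long after key creation we correlate activity

def _t(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def detect_key_pivot(events, min_services=3, min_secret_reads=3):
    """One finding per newly created access key that is then used within WINDOW for
    enumeration across >= min_services services or >= min_secret_reads secret reads."""
    events = sorted(events, key=_t)
    findings = []
    for ev in events:
        if (ev["eventSource"], ev["eventName"]) != ("iam.amazonaws.com", "CreateAccessKey"):
            continue
        new_key, created = ev["newAccessKeyId"], _t(ev)
        services, secret_reads = set(), 0
        for later in events:   # follow only what the *new* key does afterwards
            if later["accessKeyId"] != new_key or not created <= _t(later) <= created + WINDOW:
                continue
            if later["eventName"].startswith(ENUM_PREFIXES):
                services.add(later["eventSource"].split(".")[0])
            if (later["eventSource"], later["eventName"]) == ("secretsmanager.amazonaws.com", "GetSecretValue"):
                secret_reads += 1
        if len(services) >= min_services or secret_reads >= min_secret_reads:
            findings.append({"user": ev["userName"], "creating_key": ev["accessKeyId"], "new_key": new_key,
                             "services_enumerated": sorted(services), "secret_reads": secret_reads})
    return findings
```

In production the same correlation would run over CloudTrail Lake or Athena rather than an in-memory list, with the thresholds tuned for CI roles that legitimately enumerate widely. It covers only the post-compromise stage; the upstream vector, a retagged GitHub Action, is addressed by pinning actions to a commit SHA rather than a mutable version tag.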
The extent of the exposure is considerable. The stolen data pertains to websites hosted for up to 71 clients of the Europa.eu web hosting service: 42 internal European Commission clients and at least 29 other EU entities. CERT-EU confirmed that the published dataset, roughly 340 GB uncompressed, encompassed nearly 52,000 files of outbound email communications, along with lists of names, usernames, and email addresses. Agencies potentially impacted include the European Medicines Agency, the European Banking Authority, ENISA, and Frontex, the EU’s border and coast guard agency.
The Trivy compromise was not an isolated occurrence. From March 19 to 27, TeamPCP executed what Palo Alto Networks termed a systematic campaign against open-source security infrastructure. Following Trivy, the group targeted Checkmarx KICS, an infrastructure-as-code scanner, inserting malicious commits to all 35 version tags on March 21. They then transitioned to LiteLLM, an AI gateway tool, because BerriAI’s CI/CD pipeline utilized Trivy for scanning, and the infected trivy-action acquired a PyPI publishing token, enabling the attackers to directly push malicious packages to the Python Package Index. Each compromised tool served as a pathway to the next target, creating a cascading supply chain attack affecting organizations well beyond the European Commission.
The implications for the governance frameworks that Europe has been developing for years are troubling. The EU’s Cybersecurity Regulation, enacted in 2023, aimed to ensure institutional resilience against precisely this form of attack. The NIS2 Directive makes board-level executives directly accountable for cybersecurity failures, with penalties that include fines and disqualification. However, the Commission’s infrastructure was compromised through a vector—a tainted update to a security scanning tool—that lies firmly in the blind spot between supply chain management and runtime protection.
TeamPCP, also known as DeadCatx3, PCPcat, and ShellForce, has been documented by CrowdStrike, Wiz, and SANS as a cloud-native threat actor that exploits misconfigured Docker APIs, Kubernetes clusters, and Redis servers. The group is associated with ransomware, data exfiltration, and cryptomining campaigns, and has recently announced a partnership