The European Commission was compromised after cybercriminals tampered with the open-source security tool Trivy.
CERT-EU has linked a significant data breach at the European Commission to the cybercrime group TeamPCP, which took advantage of a supply chain attack on the open-source security tool Trivy to steal 92 GB of compressed data from the Commission's AWS infrastructure. The well-known ShinyHunters gang later leaked this data, which contained emails and personal information from as many as 71 clients across EU institutions. This breach highlights the vulnerability of the open-source software supply chain that supports the security tools vital to government operations.
On Thursday, the European Union's computer emergency response team reported that a supply chain attack on an open-source security scanner allowed hackers access to the European Commission’s cloud infrastructure, leading to the theft and subsequent leak of about 92 gigabytes of compressed data, which included personal details and email communications from various EU staff.
CERT-EU has attributed the incident to TeamPCP, which has been systematically targeting security tools used by organizations for the past six weeks. The data was later released online by ShinyHunters, an infamous gang known for breaches affecting Ticketmaster, AT&T, and over 60 other companies. This dual attribution—one group responsible for the infiltration and another for the data leak—is unusual in cybercrime investigations and indicates an evolving specialization within criminal networks.
The attack commenced on March 19 when the European Commission inadvertently downloaded a compromised version of Trivy, a widely utilized open-source vulnerability scanner managed by Aqua Security. TeamPCP had exploited inadequate credential rotation from a previous breach of Trivy’s GitHub repository in late February, retaining access to insert malicious code into 76 out of 77 version tags in the trivy-action repository. As the Commission’s automated security pipeline retrieved the tainted update, the malware captured an AWS API key, granting the attackers access to the Commission’s Amazon Web Services cloud account.
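The vector described above is a version tag that was re-pointed at malicious code: a pipeline that references `trivy-action@<tag>` re-fetches whatever the tag currently points to, whereas a full 40-character commit SHA cannot be moved. The following added example (not code from the article, CERT-EU or Aqua Security) is a small policy check that scans a GitHub Actions workflow for `uses:` references that are not pinned to a commit SHA. The embedded workflow is constructed for the demonstration; the SHA in it is a placeholder, the `v1.2.3` tag is not a real trivy-action release, and `example-org/example-action` does not exist.

```python
"""Flag GitHub Actions `uses:` references that follow a mutable tag or branch
instead of an immutable commit SHA (added example; sample workflow is constructed)."""
import re

# `- uses: owner/repo@ref  # comment`, with or without the list dash, quoted or not
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)""")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text):
    """Return one finding dict per `uses:` line that is not pinned to a full SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref_spec = m.group(1)
        if ref_spec.startswith(("./", "docker://")):
            continue  # local action or image reference: not a tag fetched from GitHub
        if "@" not in ref_spec:
            findings.append({"line": lineno, "action": ref_spec, "ref": None,
                             "reason": "no ref: resolves to the default branch"})
            continue
        action, ref = ref_spec.rsplit("@", 1)
        if SHA_RE.match(ref):
            continue  # immutable: a SHA cannot be re-pointed the way a tag can
        if re.match(r"^v?\d", ref):
            reason = "version tag: mutable, can be re-pointed at a malicious commit"
        else:
            reason = "branch name: follows every future commit on that branch"
        findings.append({"line": lineno, "action": action, "ref": ref, "reason": reason})
    return findings


# Constructed sample workflow. The SHA is a placeholder, the tag is made up.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: pinned to a full commit SHA (placeholder value, not a real commit)
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
      - name: pinned to a version tag (constructed tag name)
        uses: aquasecurity/trivy-action@v1.2.3
      - uses: example-org/example-action@main
      - uses: example-org/example-action
      - uses: ./.github/actions/local-check
"""

if __name__ == "__main__":
    for f in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['action']}@{f['ref']}: {f['reason']}")
```

Run it against a real `.github/workflows/*.yml` file by passing the file contents to `find_unpinned_actions`; a clean result means every third-party action is fetched by SHA. Pinning by SHA does not make the pinned commit trustworthy, but it means a later tag rewrite in the upstream repository does not silently change what the pipeline executes.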
The breach was characterized by a methodical reconnaissance campaign, as described by Unit 42 at Palo Alto Networks. The attackers utilized TruffleHog, a tool for scanning cloud credentials, to search for additional secrets. They subsequently created a new access key linked to an existing user to avoid detection, while systematically identifying IAM users and roles, EC2 instances, Lambda functions, RDS databases, S3 buckets, and Route 53 hosted zones. The focus was on ECS clusters as they mapped task definitions to identify targets for direct container access and mass exfiltration from AWS Secrets Manager.
The Cybersecurity Operations Centre of the European Commission did not identify the unusual activity until March 24, five days after the initial compromise, when alerts indicated possible misuse of Amazon APIs and an unexpected rise in network traffic. The Commission made the incident public on March 27, and the next day, ShinyHunters released the dataset on their dark web leak site.
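The reconnaissance sequence in the two passages above (a fresh access key on an existing user, a sweep of IAM, EC2, Lambda, RDS, S3, Route 53 and ECS, then bulk reads from Secrets Manager) leaves a recognisable trail in CloudTrail, which is the kind of signal that surfaced only on day five here. The following added example (not code from CERT-EU, Unit 42 or the Commission) runs three simple detections over CloudTrail-shaped records: a CreateAccessKey call made for a user other than the caller, one access key touching the discovery APIs of many services within a short window, and one key reading many distinct secrets within a short window. The records, key IDs, user names, secret names and timestamps are all constructed; the API and service names are the real CloudTrail ones.

```python
"""Toy CloudTrail triage for the post-compromise pattern described above
(added example; the records below are constructed, not real logs)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Discovery APIs per service, matching the enumeration the article lists.
DISCOVERY_CALLS = {
    "iam.amazonaws.com": {"ListUsers", "ListRoles"},
    "ec2.amazonaws.com": {"DescribeInstances"},
    "lambda.amazonaws.com": {"ListFunctions"},
    "rds.amazonaws.com": {"DescribeDBInstances"},
    "s3.amazonaws.com": {"ListBuckets"},
    "route53.amazonaws.com": {"ListHostedZones"},
    "ecs.amazonaws.com": {"ListClusters", "DescribeTaskDefinition"},
}


def _when(rec):
    return datetime.fromisoformat(rec["eventTime"].replace("Z", "+00:00"))


def _key(rec):
    return rec["userIdentity"].get("accessKeyId", "unknown")


def _max_distinct_in_window(events, window):
    """events: sorted (time, value) pairs. Largest number of distinct values
    inside any span of length `window` (quadratic; fine for a sample)."""
    best = 0
    for i, (t0, _) in enumerate(events):
        seen = set()
        for t, v in events[i:]:
            if t - t0 > window:
                break
            seen.add(v)
        best = max(best, len(seen))
    return best


def find_access_key_creation(records):
    """Every CreateAccessKey, flagging keys minted for a user other than the caller."""
    hits = []
    for r in records:
        if r["eventSource"] == "iam.amazonaws.com" and r["eventName"] == "CreateAccessKey":
            caller = r["userIdentity"].get("userName")
            target = r.get("requestParameters", {}).get("userName", caller)
            hits.append({"time": r["eventTime"], "caller": caller,
                         "target": target, "cross_user": target != caller})
    return hits


def find_discovery_bursts(records, window=timedelta(minutes=10), min_services=4):
    """Keys touching >= min_services distinct services' discovery APIs inside `window`.
    Returns {accessKeyId: distinct_service_count}."""
    per_key = defaultdict(list)
    for r in records:
        if r["eventName"] in DISCOVERY_CALLS.get(r["eventSource"], ()):
            per_key[_key(r)].append((_when(r), r["eventSource"]))
    return {k: n for k, evs in per_key.items()
            if (n := _max_distinct_in_window(sorted(evs), window)) >= min_services}


def find_secret_dumps(records, window=timedelta(minutes=10), min_secrets=5):
    """Keys reading >= min_secrets distinct Secrets Manager secrets inside `window`."""
    per_key = defaultdict(list)
    for r in records:
        if r["eventSource"] == "secretsmanager.amazonaws.com" and r["eventName"] == "GetSecretValue":
            per_key[_key(r)].append((_when(r), r["requestParameters"]["secretId"]))
    return {k: n for k, evs in per_key.items()
            if (n := _max_distinct_in_window(sorted(evs), window)) >= min_secrets}


# --- constructed sample records (shape follows CloudTrail; values are made up) ---
def _rec(minute, key, user, source, name, params=None):
    return {
        "eventTime": f"2001-01-01T10:{minute:02d}:00Z",  # arbitrary constructed date
        "eventSource": source, "eventName": name,
        "userIdentity": {"type": "IAMUser", "userName": user, "accessKeyId": key},
        "requestParameters": params or {},
    }


PIPELINE_KEY, NEW_KEY, ADMIN_KEY = "AKIA-SAMPLE-PIPELINE", "AKIA-SAMPLE-NEWKEY", "AKIA-SAMPLE-ADMIN"
SAMPLE_RECORDS = [
    # stolen pipeline key mints a fresh key for a different, existing user
    _rec(0, PIPELINE_KEY, "ci-scanner", "iam.amazonaws.com", "CreateAccessKey", {"userName": "deploy-svc"}),
    # the new key walks every service within a few minutes
    _rec(1, NEW_KEY, "deploy-svc", "iam.amazonaws.com", "ListUsers"),
    _rec(1, NEW_KEY, "deploy-svc", "iam.amazonaws.com", "ListRoles"),
    _rec(2, NEW_KEY, "deploy-svc", "ec2.amazonaws.com", "DescribeInstances"),
    _rec(2, NEW_KEY, "deploy-svc", "lambda.amazonaws.com", "ListFunctions"),
    _rec(2, NEW_KEY, "deploy-svc", "rds.amazonaws.com", "DescribeDBInstances"),
    _rec(3, NEW_KEY, "deploy-svc", "s3.amazonaws.com", "ListBuckets"),
    _rec(3, NEW_KEY, "deploy-svc", "route53.amazonaws.com", "ListHostedZones"),
    _rec(4, NEW_KEY, "deploy-svc", "ecs.amazonaws.com", "ListClusters"),
    _rec(4, NEW_KEY, "deploy-svc", "ecs.amazonaws.com", "DescribeTaskDefinition"),
    # then drains Secrets Manager
    *[_rec(5, NEW_KEY, "deploy-svc", "secretsmanager.amazonaws.com", "GetSecretValue",
           {"secretId": f"prod/db/{i}"}) for i in range(6)],
    # ordinary admin activity that should not trip anything
    _rec(6, ADMIN_KEY, "ops-admin", "ec2.amazonaws.com", "DescribeInstances"),
    _rec(7, ADMIN_KEY, "ops-admin", "secretsmanager.amazonaws.com", "GetSecretValue", {"secretId": "prod/db/0"}),
]

if __name__ == "__main__":
    print(find_access_key_creation(SAMPLE_RECORDS))
    print(find_discovery_bursts(SAMPLE_RECORDS))
    print(find_secret_dumps(SAMPLE_RECORDS))
```

The thresholds are deliberately loose; in a real account the windows and counts are tuned against a baseline of normal tooling, and the CreateAccessKey check is usually paired with an inventory of which principals are allowed to mint keys at all. The point of combining the three is that each on its own is noisy, while a key created from a pipeline identity that then walks seven services and drains Secrets Manager inside ten minutes is not.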
The magnitude of exposure is considerable, with the stolen data connected to websites hosted for as many as 71 clients of the Europa.eu web hosting service: 42 internal European Commission clients and at least 29 other EU bodies. CERT-EU confirmed that the dataset, approximately 340 GB when uncompressed, included around 52,000 files of outbound emails along with names, usernames, and email addresses. Agencies potentially affected include the European Medicines Agency, the European Banking Authority, ENISA, and Frontex, the EU's border and coast guard agency.
The breach of Trivy was not an isolated event. Between March 19 and March 27, TeamPCP engaged in what Palo Alto Networks described as a systematic assault on open-source security infrastructure. Following the Trivy incident, the group targeted Checkmarx KICS, an infrastructure-as-code scanner, forcing malicious commits to all 35 version tags on March 21. They then shifted focus to LiteLLM, an AI gateway tool, as BerriAI's CI/CD pipeline utilized Trivy for scanning; the infected trivy-action harvested a PyPI publishing token allowing attackers to directly push harmful packages to the Python Package Index. Each compromised tool acted as a conduit to the next target, creating a cascading supply chain attack that extended well beyond the European Commission.
The implications for the governance frameworks that Europe has developed over the years are troubling. The EU's Cybersecurity Regulation, established in 2023, aims to ensure institutional resilience against precisely such attacks. The NIS2 Directive holds board-level executives personally accountable for cybersecurity failures, imposing penalties including fines and disqualification. However, the Commission’s own infrastructure was compromised through a vector—a tainted update to a security scanning tool—that lies firmly in the gap between supply chain management and runtime protection.
TeamPCP, also identified as DeadCatx3, PCPcat, and ShellForce, has been documented by CrowdStrike, Wiz, and SANS as a cloud-native threat actor exploiting misconfigured Docker APIs, Kubernetes clusters, and Redis servers. The group has links to ransomware, data theft, and cryptomining operations and has recently partnered with CipherForce, another ransomware group,