Η Ευρωπαϊκή Επιτροπή, το κύριο εκτελεστικό όργανο της Ευρωπαϊκής Ένωσης, διερευνά μια παραβίαση ασφάλειας μετά από μια απειλή που απέκτησε πρόσβαση στην υποδομή cloud of Amazon.
Although the executive board of EU has yet to publicly disclose the incident, BleepingComputer has learned that the breach affected at least one account used to manage the compromised cloud infrastructure.
Sources familiar with the incident told BleepingComputer that the attack was quickly detected and that the Commission's cybersecurity incident response team is now investigating.
While the Commission has yet to release details about this breach, the threat actor claiming responsibility for the attack contacted BleepingComputer earlier this week, stating that they had stolen over 350GB of data (including multiple databases).
They did not reveal how they compromised the affected accounts, but they provided BleepingComputer with numerous screenshots as proof that they had access to information belonging to European Commission employees and an email server used by Commission employees.
The threat actor also told BleepingComputer that they will not attempt to blackmail the Commission using the allegedly stolen data as leverage, but plan to leak the data online later.
The Commission revealed another data breach in February, after discovering on January 30 that the mobile device management platform used to manage its staff devices had been compromised.
The January incident appears to be linked to similar attacks targeting other European institutions (including the Dutch Data Protection Authority and Valtoria government agency of the Finnish Ministry of Finance) exploiting code injection vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software.
These recent security breaches come after the Commission proposed on January 20 new cybersecurity legislation to strengthen defenses against state actors and cybercrime groups targeting Europe's critical infrastructure.
Last week, the Council of the European Union also imposed sanctions on three Chinese and Iranian companies for orchestrating cyberattacks targeting critical infrastructure in member states.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to sandbox and hide in plain sight.
Download our analysis of 1,1 million malicious samples to uncover the top 10 techniques and see if your security stack is blindsided.
VIA: bleedingcomputer.com
