Cyberattack on EU Commission's cloud
The European Commission has fallen victim to a cyberattack. A suspected attacker contacted the press.
(Image: Bild: PP Photos/Shutterstock.)
Cybercriminals have attacked the European Commission. They may have also stolen a large amount of data. The EU is still investigating the full impact of the incident.
According to the Commission, the attack occurred on Tuesday. A website of the EU Commission on the EU's own platform europa.eu was affected, but not the Commission's internal systems. "Early findings from our ongoing investigation indicate that data originates from these websites," the Commission explained. The Commission intends to inform other EU institutions that could be affected by the incident. The fact that even supposedly secure infrastructures can become targets was recently demonstrated when attackers gained access to user data at Cloud Imperium Games.
The portal bleepingcomputer, which claims to have received information from one of the threat actors involved, published a few more details. According to the report, the attack affected at least one of the Commission's Amazon Web Services (AWS) accounts. However, Amazon stated that there was no security incident and all services would continue to function as intended, an Amazon spokesperson told Bleepingcomputer.
Screenshots allegedly show access to mail server
According to Bleepingcomputer's information from the alleged attacker, 350 gigabytes of data were stolen in the attack, including several databases. However, the credibility is still questionable: as proof, he provided several (non-public) screenshots allegedly showing access to the Commission's information and one of its email servers. This would contradict the EU Commission's statement that no internal systems were affected. He did not provide details on the method used.
Videos by heise
The attackers' goal is reportedly not to blackmail the Commission. However, they intend to publish some of the data soon. It is currently unclear what data was allegedly stolen. In the past, the EU has already reacted with tough measures to such incidents and sanctioned Iranian and Chinese state hackers for attacks on European institutions. In the current case, the attack on EU data has not yet been attributed to any state actor.
(nen)
