European Commission website hacked, 350 GB of data in the hands of the culprits?

The European Commission has launched a rapid internal investigation following an unauthorized intrusion into its cloud environment, hosted on Amazon Web Services (AWS).

Although European authorities are currently keeping tight-lipped and have not yet released official statements to confirm the incident, several sources close to the investigation indicate that at least one of the institutional accounts has been compromised.

The internal cyber emergency response team, however, promptly detected the suspicious activity and immediately began to trace the exact boundaries of the breach and block further unauthorized access.

The europa.eu domain hacked: the loot and the attackers’ intentions

The scope of the exfiltration could prove to be particularly wide and problematic for Brussels’ institutions. The authors of the intrusion have contacted the specialized press, openly claiming the attack and stating that they stole more than 350 GB of confidential material.

Among the illegally copied files are said to be several databases containing sensitive information. To demonstrate the authenticity of their claims, the criminals provided some screenshots showing personal details of Commission employees, also demonstrating that they had gained access to an internal-use email server.

However, one unusual detail emerges from the intentions stated by the hostile group: there is no ransom demand. The attackers have explicitly ruled out using the stolen data as a tool for extortion, announcing instead the firm intention to publish the entire archive on the web in the near future.

Recent incidents

As the news spread, AWS representatives clarified the situation regarding their infrastructure. A spokesperson specified that AWS did not register any global critical security event and that cloud services have continued to operate normally for all users.

This detail suggests that the breach stemmed from compromised credentials or from misconfigurations on the customer side, rather than from an inherent vulnerability in Amazon’s cloud platform.

Today’s incident is unfortunately not isolated. Not long ago, in February, the Commission had to admit a previous breach of its systems, detected at the end of January.

In that instance, the attackers had targeted the platform used for managing the mobile devices used by staff, exploiting specific flaws in the Ivanti Endpoint Manager Mobile software.

The modus operandi clearly recalled attacks suffered by other continental institutions in the same period, including the Data Protection Authority in the Netherlands and the Finnish government agency Valtori.

The institutional response to cyber threats

These rapid-fire digital assaults occur in a climate of maximum alert for the protection of European networks. On January 20, the Commission had presented a formal proposal to introduce stricter legislative standards, designed specifically to strengthen defenses against criminal organizations and cyber actors supported by hostile nations that target the continent’s critical infrastructure.

Confirming this tightening of security policies, last week the Council of the European Union enacted formal sanctions against three companies based in China and Iran, accused of orchestrating and conducting harmful cyber operations against member states.

The absolute priority of Brussels now remains to understand the nature and importance of the 350 GB of data that fell into the wrong hands, while preparing to address potential reputational damage and national security implications should the threats of publication materialize.