
Hackers Breach EU Commission Via Security Tool Trivy

Summary

– The European Commission suffered a major data breach after downloading a compromised version of the open-source security scanner Trivy, which was poisoned by the cybercrime group TeamPCP.
– Attackers used the malware to steal an AWS API key, gaining access to the Commission’s cloud infrastructure and exfiltrating 92 GB of compressed data, including emails and personal details from up to 71 EU entities.
– The stolen data was subsequently published online by the extortion gang ShinyHunters, highlighting a specialized criminal ecosystem where different groups handle the hack and the leak.
– The breach exposed a cascading supply chain attack, as TeamPCP also compromised other open-source security tools like Checkmarx KICS and LiteLLM using credentials harvested from previous intrusions.
– This incident underscores the vulnerability of the open-source software supply chain and challenges the operational security of EU institutions despite recent cybersecurity regulations.

A significant data breach at the European Commission has been linked to the exploitation of an open-source security tool, revealing critical vulnerabilities in the software supply chain that governments and enterprises depend on. The EU’s computer emergency response team, CERT-EU, confirmed that cybercriminals leveraged a compromised version of the popular vulnerability scanner Trivy to infiltrate the Commission’s AWS cloud environment, ultimately stealing and leaking 92 gigabytes of compressed data.

The attack is attributed to the cybercrime group TeamPCP, which conducted a supply chain attack by poisoning the Trivy repository. Following an earlier breach of Trivy’s GitHub repository in late February, the group exploited incomplete credential rotation to force malicious code into 76 of 77 version tags. When the European Commission’s automated security systems pulled the tainted update on March 19, embedded malware harvested an AWS API key, granting attackers full access to the cloud account.
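The force-pushed version tags described above are only dangerous to consumers that reference actions by a mutable tag rather than an immutable commit hash. The audit below is an added example, not code from the article or from the Trivy project: it walks a constructed workflow excerpt and reports every `uses:` reference that is not pinned to a full 40-hex commit SHA (the action name, version and commit hash in the sample are illustrative placeholders).

```python
import re

# Constructed workflow excerpt (not the Commission's real CI config). The
# action name aquasecurity/trivy-action and the version are assumed for
# illustration; the commit hash is a placeholder, not a real release commit.
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - name: Scan with a mutable tag (re-pointable by whoever controls the repo)
        uses: aquasecurity/trivy-action@0.28.0
      - name: Scan pinned to an immutable commit
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567 # v0.28.0
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.20
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_action_pins(workflow_text):
    """Return (line_no, reference, reason) for each `uses:` that is not pinned
    to a full 40-hex commit SHA. Local paths and docker:// images are skipped
    because they are not GitHub tag references."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            findings.append((n, ref, "no ref at all (resolves to the default branch)"))
            continue
        _, _, version = ref.rpartition("@")
        if not SHA_RE.match(version):
            findings.append((n, ref, f"mutable ref '{version}' (a tag or branch can be force-pushed)"))
    return findings


if __name__ == "__main__":
    for line_no, ref, reason in audit_action_pins(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref}: {reason}")
```

A pinned SHA still needs a trailing `# vX.Y.Z` comment (as in the sample) so that update tooling and reviewers can see which release the hash corresponds to.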

Once inside, the hackers executed a methodical reconnaissance campaign. Using tools like TruffleHog to scan for additional credentials, they attached a new access key to an existing user to avoid detection. They then systematically enumerated IAM roles, EC2 instances, S3 buckets, and other cloud resources, focusing on ECS clusters to facilitate bulk data exfiltration from AWS Secrets Manager.

The Cybersecurity Operations Centre at the Commission did not detect the anomalous activity until March 24, triggered by alerts concerning unusual Amazon API usage and a spike in network traffic. Public disclosure followed on March 27. Just one day later, the notorious ShinyHunters extortion gang published the stolen dataset on its dark web leak site. This group, responsible for breaches at Ticketmaster and AT&T, appears to have acquired the data from TeamPCP, highlighting a growing trend of specialization within cybercriminal ecosystems.
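The post-compromise chain described in the two paragraphs above (a stolen key minting a second access key on an existing user, then bulk reads from Secrets Manager) leaves a recognisable footprint in CloudTrail. The detector below is an added example, not code from the article or from CERT-EU: it runs over constructed CloudTrail-style records (the key IDs, user names and timestamps are made up) and flags a `CreateAccessKey` whose newly minted key goes on to read Secrets Manager repeatedly within a time window.

```python
from datetime import datetime, timedelta

# Constructed CloudTrail-style records (not logs from the incident itself) that
# mimic the chain described above: the stolen CI key mints a second access key
# on an existing IAM user, and that new key then bulk-reads Secrets Manager.
STOLEN_KEY, NEW_KEY, OTHER_KEY = "AKIAEXAMPLECI0001", "AKIAEXAMPLENEW002", "AKIAEXAMPLEAPP003"


def _ev(ts, source, name, key, user, **extra):
    return {"eventTime": ts, "eventSource": source, "eventName": name,
            "userIdentity": {"type": "IAMUser", "userName": user, "accessKeyId": key}, **extra}


SAMPLE_EVENTS = [
    _ev("2026-03-19T14:02:11Z", "iam.amazonaws.com", "CreateAccessKey", STOLEN_KEY, "ci-scanner",
        requestParameters={"userName": "deploy-svc"},
        responseElements={"accessKey": {"accessKeyId": NEW_KEY, "userName": "deploy-svc"}}),
    # normal application traffic with a long-lived key: must not be flagged
    _ev("2026-03-19T14:05:00Z", "secretsmanager.amazonaws.com", "GetSecretValue", OTHER_KEY, "app-prod"),
] + [
    _ev(f"2026-03-19T15:{m:02d}:00Z", "secretsmanager.amazonaws.com", "GetSecretValue", NEW_KEY, "deploy-svc")
    for m in range(0, 12, 2)  # six reads within the hour after the key was created
]


def _t(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def detect_key_pivot(events, window=timedelta(hours=24), threshold=5):
    """Flag every CreateAccessKey whose newly minted key goes on to read
    Secrets Manager at least `threshold` times within `window`."""
    findings = []
    for c in (e for e in events if e["eventName"] == "CreateAccessKey"):
        new_key = c["responseElements"]["accessKey"]["accessKeyId"]
        t0 = _t(c["eventTime"])
        reads = [e for e in events
                 if e["eventSource"] == "secretsmanager.amazonaws.com"
                 and e["eventName"] in ("GetSecretValue", "BatchGetSecretValue")
                 and e["userIdentity"]["accessKeyId"] == new_key
                 and t0 <= _t(e["eventTime"]) <= t0 + window]
        if len(reads) >= threshold:
            findings.append({
                "minted_by": c["userIdentity"]["accessKeyId"],
                "target_user": c["requestParameters"]["userName"],
                "new_key": new_key,
                "secret_reads": len(reads),
                # a key created for a user other than the caller is a stronger signal
                "cross_user": c["userIdentity"]["userName"] != c["requestParameters"]["userName"],
            })
    return findings


if __name__ == "__main__":
    for f in detect_key_pivot(SAMPLE_EVENTS):
        print(f)
```

In a real deployment the same logic would run over CloudTrail delivered to S3 or CloudWatch Logs, and the window and threshold would be tuned to the account's normal secret-access pattern.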

The scale of the exposure is substantial. The leaked data, approximately 340 GB when uncompressed, pertains to websites hosted for up to 71 clients of the Europa.eu web hosting service. This includes 42 internal Commission clients and at least 29 other EU entities. The dataset contains nearly 52,000 files of outbound email communications, alongside lists of names, usernames, and email addresses. Potentially affected agencies include the European Medicines Agency, the European Banking Authority, and the border agency Frontex.

This incident was not an isolated event. Between March 19 and 27, TeamPCP waged a systematic campaign against open-source security infrastructure. After compromising Trivy, the group targeted the infrastructure-as-code scanner Checkmarx KICS, pushing malicious commits to all 35 of its version tags. They then pivoted to the AI gateway tool LiteLLM, leveraging a stolen PyPI token harvested via the poisoned Trivy action to push malicious packages directly to the Python Package Index. This created a cascading supply chain attack affecting organizations far beyond the initial EU target.

The breach presents a direct challenge to the EU’s own cybersecurity governance frameworks. Regulations like the 2023 Cybersecurity Regulation and the NIS2 Directive, which mandates executive accountability for security failures, were designed to prevent such incidents. Yet the Commission’s infrastructure was compromised through a poisoned update to a security tool, a vector that exists in a blind spot between supply chain management and runtime protection.

TeamPCP, also tracked as DeadCatx3 and ShellForce, is identified by security firms as a cloud-native threat actor specializing in exploiting misconfigured Docker APIs, Kubernetes clusters, and Redis servers. Their activities, which include ransomware and data exfiltration, reflect a growing professionalization of cybercrime, with specialized groups collaborating across different stages of an attack.

This incident arrives at a sensitive time for EU digital sovereignty. The Commission’s reliance on AWS for web infrastructure has already faced scrutiny from legislators advocating for European cloud providers. A breach that flows from a compromised open-source tool to an American cloud platform and ends with an international crime syndicate will undoubtedly intensify that debate, questioning whether regulatory ambitions are matched by operational security.

For the broader technology industry, the implications are immediate and profound. The open-source security tools trusted to scan code, audit infrastructure, and ensure compliance have themselves become a primary attack surface. When a scanner like Trivy, used by thousands of organizations globally, is weaponized, the model of automated security breaks down. The fundamental trust assumptions underpinning modern software development and cloud infrastructure are called into question.

CERT-EU continues to coordinate the incident response under the EU Cybersecurity Regulation. For the 71 clients whose data was exposed, remediation is just beginning. For the wider European technology ecosystem that relies on the same tools and cloud platforms, this breach serves as a stark warning, one that has unfortunately arrived after the fact.

(Source: The Next Web)
