Tech
European Commission investigating breach after Amazon cloud hack
The European Commission, the European Union’s main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure.
Although the EU’s executive cabinet has yet to disclose the incident publicly, BleepingComputer has learned that the breach affected at least one account used to manage the compromised cloud infrastructure.
Sources familiar with the incident have told BleepingComputer that the attack was quickly detected and that the Commission’s cybersecurity incident response team is now investigating.
While the Commission has yet to share any details about this breach, the threat actor who claimed responsibility for the attack reached out to BleepingComputer earlier this week, stating that they had stolen over 350 GB of data (including multiple databases).
They didn’t disclose how they breached the affected accounts, but they provided BleepingComputer with several screenshots as proof that they had access to information belonging to European Commission employees and to an email server used by Commission employees.
The threat actor also told BleepingComputer that they will not attempt to extort the Commission using the allegedly stolen data as leverage, but intend to leak the data online at a later date.
The Commission disclosed another data breach in February after discovering on January 30 that the mobile device management platform used to manage its staff’s devices had been hacked.
The January incident appears to be linked to similar attacks targeting other European institutions (including the Dutch Data Protection Authority and Valtori, a government agency of Finland’s Ministry of Finance) that exploit code-injection vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software.
These recent security breaches come on the heels of the Commission’s January 20 proposal for new cybersecurity legislation to strengthen defenses against state-backed actors and cybercrime groups targeting Europe’s critical infrastructure.
Last week, the Council of the European Union also sanctioned three Chinese and Iranian companies for orchestrating cyberattacks targeting the critical infrastructure of member states.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
You must be logged in to post a comment Login