Threat Intelligence Apr 6, 2026

EU Commission Breach: When Your Security Scanner Is the Attack Vector

A threat group compromised Trivy, an open-source vulnerability scanner, and used it to breach the European Commission's cloud environment. 340GB of data stolen, 29 EU entities affected.

What Happened

On March 27, 2026, the European Commission disclosed that its cloud infrastructure had been breached. CERT-EU's investigation traced the initial access back to a supply chain compromise of Trivy, an open-source security scanner made by Aqua Security. The irony: a tool designed to find vulnerabilities in your infrastructure became the vulnerability in theirs.

The threat group behind the attack, tracked as TeamPCP, used a compromised version of Trivy to steal an AWS API key with management rights over European Commission cloud accounts. From there, they exfiltrated approximately 340GB of data affecting 42 internal Commission clients and at least 29 other EU entities. On March 28, data extortion group ShinyHunters published the stolen dataset on their dark web leak site.

Key Facts

  • Target: European Commission AWS cloud environment
  • Initial access: Compromised Trivy security scanner (supply chain)
  • Threat actor: TeamPCP (attributed by CERT-EU)
  • Data stolen: ~340GB uncompressed (92GB compressed)
  • Scope: 42 internal EC clients + 29 other EU entities
  • Detection gap: 5 days (access March 19, detected March 24)
  • Data leaked by: ShinyHunters (March 28)

The Attack Timeline

March 19: Initial Access

The European Commission had deployed a copy of Trivy that had been compromised in an earlier supply chain attack against Aqua Security. Through this compromised version, attackers obtained an AWS API key with management rights for the Commission's cloud accounts. This was the foothold.

March 19-24: Reconnaissance and Credential Harvesting

Once inside, TeamPCP deployed TruffleHog (an open-source secrets scanner) to search for additional credentials across the compromised environment. They validated stolen AWS keys using AWS Security Token Service (STS) calls, then attached newly created access keys to existing user accounts to maintain access while evading detection.

Using existing accounts rather than creating new ones is a deliberate choice. New accounts trigger alerts in most monitoring systems. Attaching a new key to an existing account is much harder to spot.

March 24: Detection

The Commission's Cybersecurity Operations Centre detected the intrusion five days after initial access. Alerts flagged suspicious Amazon API usage and an abnormal increase in network traffic. By this point, the attackers had already exfiltrated the data.

March 27: Public Disclosure

The European Commission publicly confirmed the breach. CERT-EU attributed the attack to TeamPCP.

March 28: Data Leaked

ShinyHunters, the same group behind the Salesforce misconfiguration breach we covered in March, published the stolen dataset as a 92GB compressed archive on their dark web leak site. The uncompressed data totalled approximately 340GB.

What Was Stolen

The breach exposed data from up to 71 clients of the Europa web hosting service. The stolen data included:

  • Names, usernames, and email addresses
  • Approximately 51,992 email-related files (2.22GB), including bounce-back notifications that may have contained original user submissions
  • Internal documents from European Commission systems

CERT-EU confirmed that no websites were taken offline and found no evidence of lateral movement to other AWS accounts beyond the initially compromised one. But the data was already gone.

Who Is TeamPCP

TeamPCP is a threat group that specialises in supply chain attacks targeting CI/CD pipelines and developer tools. CERT-EU linked them to the Trivy compromise as well as supply chain attacks against KICS (another Aqua Security tool), LiteLLM (an AI proxy library), and Telnyx (a communications platform).

Their pattern is consistent: compromise a widely-used developer tool or library, harvest secrets and credentials from the tool's users, then use those credentials to access cloud environments. They've targeted packages on GitHub, PyPI, npm, and Docker.

The group's tooling is designed to operate within CI/CD pipelines and exfiltrate harvested secrets through multiple channels including typosquatted domains, GitHub repositories, and Cloudflare tunnels. This makes detection difficult because CI/CD systems regularly communicate with GitHub and external services as part of normal operation.

The Supply Chain Problem

This breach highlights something uncomfortable: the tools you use to secure your infrastructure can become the attack vector. Trivy is one of the most popular open-source vulnerability scanners in the world. It's used by thousands of organisations in their CI/CD pipelines, often with elevated permissions because it needs access to scan container images, infrastructure configs, and code repositories.

That access is exactly what makes it valuable to attackers. When TeamPCP compromised Trivy, they didn't just get a foothold in one organisation. They got access to the credentials of every organisation running the compromised version. The European Commission happened to be one of them.

This is the same pattern we saw with the Claude Code source map leak, where build pipeline security was the weak link. The difference here is that it was weaponised, not accidental.

What Organisations Should Do

  • Pin tool versions in CI/CD. Don't pull "latest" for security-critical tools. Pin to a specific version and verify checksums before each run. If the checksum changes unexpectedly, stop and investigate.
  • Limit CI/CD credentials. The Trivy deployment had an API key with management rights across multiple AWS accounts. That's too much access for a scanning tool. Apply least privilege: give tools only the permissions they need, scoped to the accounts they need them for.
  • Monitor for secrets scanning tools running unexpectedly. TeamPCP used TruffleHog inside the compromised environment to find more credentials. If your monitoring sees a secrets scanner running outside of your normal CI/CD workflow, that's a red flag.
  • Detect new access keys on existing accounts. Attaching new keys to existing IAM users is a known persistence technique. AWS CloudTrail logs CreateAccessKey events. Alert on them, especially for privileged accounts.
  • Separate CI/CD from production. The scanning tool ran in an environment with direct access to production AWS accounts. Isolating CI/CD workloads from production reduces the blast radius if a tool is compromised.
  • Watch for supply chain advisories. OWASP Top 10 2025 includes Software Supply Chain Failures (A03) for exactly this reason. Subscribe to security advisories for every tool in your pipeline, not just your application dependencies.
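The two behaviours described in the timeline (validating harvested keys through STS, then attaching new access keys to existing IAM users) both leave traces in CloudTrail, and the "Detect new access keys on existing accounts" recommendation above depends on looking for them. The script below is an added example written for this article, not tooling from CERT-EU, Aqua Security or the Commission. It runs two simple rules over constructed CloudTrail-style records (the sample lines, user names, key IDs and IP addresses are made up for the example): every CreateAccessKey call is flagged, with higher severity when the key is attached to a privileged user or to a user other than the caller, and a single source IP calling GetCallerIdentity under several distinct access keys is flagged as a key-validation burst. The PRIVILEGED_USERS set and the burst threshold are assumptions you would replace with your own inventory and tuning.

```python
"""Added example: review CloudTrail records for key validation bursts and new keys on existing users."""
import json
from collections import defaultdict

# Constructed sample CloudTrail records (not real logs), one JSON object per line.
# Field names follow the CloudTrail record format; the values are invented.
SAMPLE_CLOUDTRAIL = r"""
{"eventTime":"2026-03-20T02:11:04Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","sourceIPAddress":"203.0.113.7","userIdentity":{"type":"IAMUser","userName":"ci-scanner","accessKeyId":"AKIAEXAMPLE0000001"}}
{"eventTime":"2026-03-20T02:11:05Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","sourceIPAddress":"203.0.113.7","userIdentity":{"type":"IAMUser","userName":"deploy-bot","accessKeyId":"AKIAEXAMPLE0000002"}}
{"eventTime":"2026-03-20T02:11:06Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","sourceIPAddress":"203.0.113.7","userIdentity":{"type":"IAMUser","userName":"backup-svc","accessKeyId":"AKIAEXAMPLE0000003"}}
{"eventTime":"2026-03-20T02:15:30Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","sourceIPAddress":"203.0.113.7","userIdentity":{"type":"IAMUser","userName":"ci-scanner","accessKeyId":"AKIAEXAMPLE0000001"},"requestParameters":{"userName":"cloud-admin"}}
{"eventTime":"2026-03-20T09:00:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","sourceIPAddress":"198.51.100.4","userIdentity":{"type":"IAMUser","userName":"alice","accessKeyId":"AKIAEXAMPLE0000009"},"requestParameters":{"userName":"alice"}}
{"eventTime":"2026-03-20T09:05:00Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","sourceIPAddress":"198.51.100.4","userIdentity":{"type":"IAMUser","userName":"alice","accessKeyId":"AKIAEXAMPLE0000009"}}
"""

PRIVILEGED_USERS = {"cloud-admin"}   # assumption: your own list of admin principals
VALIDATION_BURST_THRESHOLD = 3       # assumption: distinct keys probing STS from one IP


def parse_records(text):
    """Parse newline-delimited JSON CloudTrail records, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def flag_create_access_key(records):
    """Flag every CreateAccessKey; rank by who the key was attached to."""
    findings = []
    for r in records:
        if r.get("eventSource") != "iam.amazonaws.com" or r.get("eventName") != "CreateAccessKey":
            continue
        caller = r["userIdentity"].get("userName")
        # CreateAccessKey without a userName parameter creates a key for the caller itself.
        target = (r.get("requestParameters") or {}).get("userName") or caller
        if target in PRIVILEGED_USERS:
            severity = "high"        # new key on an admin account
        elif target != caller:
            severity = "medium"      # one principal minting a key for another
        else:
            severity = "low"         # self-service key creation; still worth a ticket
        findings.append({"rule": "create-access-key", "severity": severity,
                         "caller": caller, "target": target,
                         "source_ip": r["sourceIPAddress"], "time": r["eventTime"]})
    return findings


def flag_validation_bursts(records, threshold=VALIDATION_BURST_THRESHOLD):
    """Flag a source IP that calls GetCallerIdentity under many distinct access keys."""
    keys_by_ip = defaultdict(set)
    for r in records:
        if r.get("eventSource") == "sts.amazonaws.com" and r.get("eventName") == "GetCallerIdentity":
            keys_by_ip[r["sourceIPAddress"]].add(r["userIdentity"].get("accessKeyId"))
    return [{"rule": "sts-validation-burst", "severity": "high",
             "source_ip": ip, "distinct_keys": len(keys)}
            for ip, keys in sorted(keys_by_ip.items()) if len(keys) >= threshold]


def review(text):
    """Run both rules over a batch of records and return the combined findings."""
    records = parse_records(text)
    return flag_create_access_key(records) + flag_validation_bursts(records)


if __name__ == "__main__":
    for finding in review(SAMPLE_CLOUDTRAIL):
        print(json.dumps(finding))
```

Against the sample, the burst rule fires for 203.0.113.7 (three different keys checked within seconds) and the CreateAccessKey rule fires twice, once at high severity for the key attached to cloud-admin by the ci-scanner user. A production version would bucket the STS calls by time window rather than over the whole batch, and would read records from CloudTrail Lake or an S3 delivery bucket instead of an inline string.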
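The first recommendation, pin tool versions and verify checksums before each run, is easy to state and easy to skip. The guard below is an added example written for this article, not part of Trivy or any CI product: a pipeline step records a SHA-256 digest for a tool binary once, after you have verified that release out of band, and every later run refuses to execute the tool unless the digest still matches. The lock file format, the "trivy" entry and the fake binary contents are all constructed for the example; the version string is a placeholder, not a real Trivy release.

```python
"""Added example: refuse to run a pipeline tool whose digest no longer matches its pin."""
import hashlib
import hmac
import json
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_lock(lockfile):
    """Lock file is a JSON map: tool name -> {"version": ..., "sha256": ...} (assumed format)."""
    if not os.path.exists(lockfile):
        return {}
    with open(lockfile) as f:
        return json.load(f)


def record_pin(lockfile, tool, version, path):
    """Run once, by hand, after verifying the release out of band; writes the pin."""
    lock = load_lock(lockfile)
    lock[tool] = {"version": version, "sha256": sha256_of_file(path)}
    with open(lockfile, "w") as f:
        json.dump(lock, f, indent=2, sort_keys=True)
    return lock[tool]


def verify_pinned_tool(lockfile, tool, path):
    """Call before every invocation in CI. Returns (ok, reason); never run the tool when ok is False."""
    pin = load_lock(lockfile).get(tool)
    if pin is None:
        return False, f"{tool}: no pin recorded, refusing to run an unpinned tool"
    actual = sha256_of_file(path)
    # Constant-time comparison is not strictly needed for a public digest, but costs nothing.
    if not hmac.compare_digest(actual, pin["sha256"]):
        return False, f"{tool}: digest mismatch against pin {pin['version']}, stop and investigate"
    return True, f"{tool} {pin['version']}: digest matches pin"


def demo():
    """Constructed walk-through: pin a fake binary, tamper with it, and check an unpinned tool."""
    with tempfile.TemporaryDirectory() as workdir:
        lockfile = os.path.join(workdir, "tools.lock.json")
        binary = os.path.join(workdir, "trivy")          # placeholder file, not the real scanner
        with open(binary, "wb") as f:
            f.write(b"pretend-this-is-the-verified-release\n")
        record_pin(lockfile, "trivy", "vX.Y.Z-placeholder", binary)
        pinned_ok, _ = verify_pinned_tool(lockfile, "trivy", binary)
        with open(binary, "ab") as f:                    # simulate a swapped or modified binary
            f.write(b"unexpected-change\n")
        tampered_ok, _ = verify_pinned_tool(lockfile, "trivy", binary)
        unpinned_ok, _ = verify_pinned_tool(lockfile, "kics", binary)
        return {"pinned_ok": pinned_ok, "tampered_ok": tampered_ok, "unpinned_ok": unpinned_ok}


if __name__ == "__main__":
    print(json.dumps(demo()))
```

The pin has to be taken from a release you trust at the time you record it, ideally checked against the publisher's signed checksums, because a digest recorded from an already-compromised download only locks in the compromise. The point of the guard is the second half of the recommendation: when the digest changes under you, the pipeline stops instead of running whatever arrived.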

Scan Your External Attack Surface

Supply chain attacks start with reconnaissance. Exposed cloud services, misconfigured storage buckets, and visible infrastructure details give attackers context for their next move. Luna scans your internet-facing assets for misconfigurations, exposed services, and known CVEs across your external attack surface. Start a scan and see what's visible from the outside.
