The EU’s AWS “Master Key”: How a Compromised Trivy Update Leaked 340GB of Data In March the European Commission's public europa.eu platform was compromised after a supply‑chain attack on the Trivy security tool—attributed to threat actor TeamPCP—allowed attackers to steal an AWS API key and move laterally across affiliated accounts. The extortion group ShinyHunters published roughly 91.7 GB compressed (340 GB raw) of stolen data...

A compromised Trivy update led to TeamPCP stealing an AWS API key, leaking 340GB of EU public data including emails and contracts. Key rotations and security measures followed. #TrivyAttack #AWSLeak #EuropeanUnion

From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise CrowdStrike discusses how this activity was discovered, how the attack works, what the payload does, and how to defend.

This is a good write-up of the recent Trivy supply chain attack, really informative. Apparently TeamTCP "are currently extorting several multi-billion-dollar companies from which they've exfiltrated data."

#cyber #trivyattack #cybersecurity #malware #teamtcp
www.crowdstrike.com/en-us/blog/f...