European Commission Investigating Breach After Amazon Cloud Account Hack (bleepingcomputer.com) 5
The European Commission is investigating a breach after a threat actor allegedly accessed at least one of its AWS cloud accounts and claimed to have stolen more than 350 GB of data, including databases and employee-related information. AWS says its own services were not breached. BleepingComputer reports: Sources familiar with the incident have told BleepingComputer that the attack was quickly detected and that the Commission's cybersecurity incident response team is now investigating. While the Commission has yet to share any details about this breach, the threat actor who claimed responsibility for the attack reached out to BleepingComputer earlier this week, stating that they had stolen over 350 GB of data (including multiple databases).
They didn't disclose how they breached the affected accounts, but they provided BleepingComputer with several screenshots as proof that they had access to information belonging to European Commission employees and to an email server used by Commission employees. The threat actor also told BleepingComputer that they will not attempt to extort the Commission using the allegedly stolen data as leverage, but intend to leak the data online at a later date.
They didn't disclose how they breached the affected accounts, but they provided BleepingComputer with several screenshots as proof that they had access to information belonging to European Commission employees and to an email server used by Commission employees. The threat actor also told BleepingComputer that they will not attempt to extort the Commission using the allegedly stolen data as leverage, but intend to leak the data online at a later date.
The cloud is well-connected (Score:3)
Attackers like that!
In other news, competent cloud account system administration is _harder_ than for local installations, due to all the extra functionality, reachability, complexity, tooling. All of that is a KISS violation and the enemy of security.
I wonder where the auth failed... (Score:2)
The one thing I like having with any critical authentication is FIDO2, webauthn, or a phishing resistant authenticator that does a biometrics check. Even my back tier social media accounts have PIV protection on them, to resist account takeover. As a failsafe, Google TOTP, which is not phish resistant... but it is an extremely solid security measure other than that.
I'm starting to see some decent stuff that if used correctly helps. Microsoft PIM is a good thing. Azure's P2 auth in general isn't bad. I
Re: (Score:2)
Is there anything bad with using Entra with AWS, assuming phish resistance, CA, and other stuff is set up in a sane manner?
Of course, my biggest gripe about Entra is that it is one basked that secures a ton of eggs, and if someone compromises that basket, entire governments can be compromised.
Meanwhile in Finland (Score:2)