Several European Union institutions, including the European Commission, were revealed to have been hit by a cyberattack in March. As explained by a European Commission spokesperson, the cyber attack targeted the IT infrastructures of multiple EU institutions and agencies. However, it does not appear that any sensitive data was obtained during the attack. Very little information has been revealed about the attack, including who the perpetrators were and how exactly the attack took place.
“We are working closely with CERT-EU, the Computer Emergency Response Team for all EU institutions, bodies and agencies and the vendor of the affected IT solution,” the spokesperson told BleepingComputer.
The investigation into the attack is still ongoing but from what is known, it does not appear that there was any major information breach. However, according to the spokesperson, it is still too early in the investigation to provide any further conclusive information. Though it was said that the scale of the attack was bigger than the usual attacks that target EU agencies on a regular basis. It was serious enough for senior commission officials to be alerted and for staff to be warned about potential phishing attacks.
This attack is one of many that target EU institutions
This is not the first cyber attack to specifically target EU institutions. In January this year, the European Medicines Agency (EMA) was a victim of an attack during which malicious actors were able to access its servers and steal Pfizer/BioNTech COVID-19 vaccine data, which was later leaked online. The agency also said that the leaked data was altered in a way that would undermine trust in vaccines.
European Banking Authority (EBA) was also targeted in an attack in March this year, during which its Microsoft Exchange Servers were affected. According to a statement released by EBA on the attack, the malicious actors may have been able to obtain access to personal data through emails held on those servers. The email systems were taken offline as a precautionary measure. The incident is still under investigation.