嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”之类的开头。首先,我需要仔细阅读文章,抓住关键点。 文章讲的是欧盟委员会的一个安全漏洞事件。他们使用亚马逊的云服务,结果被攻击者入侵了。虽然欧盟还没公开这件事,但BleepingComputer已经了解到情况,至少影响了一个AWS账户。亚马逊方面则表示他们的服务没有问题,运行正常。 攻击者声称窃取了超过350GB的数据,并提供了截图作为证据。他们还说不会勒索欧盟,但会把数据泄露到网上。此外,欧盟之前在二月份也披露过另一次数据泄露事件,那次是针对移动设备管理平台的攻击,可能和最近的这次有关系。 最近欧盟还在推进新的网络安全立法,加强防御能力。同时,欧盟理事会还制裁了三家参与网络攻击的中伊公司。 总结一下:欧盟委员会遭遇云服务安全漏洞,攻击者窃取大量数据并计划泄露;亚马逊确认服务无问题;此次事件可能与之前针对欧洲机构的类似攻击有关;欧盟正推进新的网络安全法规。 </think> 欧盟委员会遭遇云服务安全漏洞,攻击者声称窃取350GB数据并计划泄露;亚马逊确认其服务未受影响;此次事件可能与近期针对欧洲机构的类似攻击有关;欧盟正推进新的网络安全法规以应对威胁。 2026-3-27 16:30:18 Author: www.bleepingcomputer.com(查看原文) 阅读量:1 收藏
The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to the Commission's Amazon cloud environment.
Although the EU's executive cabinet has yet to disclose the incident publicly, BleepingComputer has learned that the breach affected at least one of the Commission's AWS (Amazon Web Services) accounts.
"AWS did not experience a security event, and our services operated as designed," an AWS spokesperson told BleepingComputer after publishing time.
Sources familiar with the incident have told BleepingComputer that the attack was quickly detected and that the Commission's cybersecurity incident response team is now investigating.
While the Commission has yet to share any details about this breach, the threat actor who claimed responsibility for the attack reached out to BleepingComputer earlier this week, stating that they had stolen over 350 GB of data (including multiple databases).
They didn't disclose how they breached the affected accounts, but they provided BleepingComputer with several screenshots as proof that they had access to information belonging to European Commission employees and to an email server used by Commission employees.
The threat actor also told BleepingComputer that they will not attempt to extort the Commission using the allegedly stolen data as leverage, but intend to leak the data online at a later date.
The Commission disclosed another data breach in February after discovering on January 30 that the mobile device management platform used to manage its staff's devices had been hacked.
The January incident appears to be linked to similar attacks targeting other European institutions (including the Dutch Data Protection Authority and Valtori, a government agency of Finland's Ministry of Finance) that exploit code-injection vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software.
These recent security breaches come on the heels of the Commission's January 20 proposal for new cybersecurity legislation to strengthen defenses against state-backed actors and cybercrime groups targeting Europe's critical infrastructure.
Last week, the Council of the European Union also sanctioned three Chinese and Iranian companies for orchestrating cyberattacks targeting the critical infrastructure of member states.
Update March 27, 13:56 EDT: Added Amazon statement.
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
如有侵权请联系:admin#unsafe.sh