European Commission Suffers ‘IT Security Incident’ – Report

Tom Jowitt,
Image credit: European Commission

Cyberattack carried out last month on the IT systems of the European Commission and a number of other European Union organisations

The European Commission and a number of other European Union agencies have suffered a cyberattack last month.

BleepingComputer cited a European Commission spokesperson who confirmed the ‘IT security incident’ had impacted the IT infrastructure of multiple EU institutions, bodies, or agencies.

“We are working closely with CERT-EU, the Computer Emergency Response Team for all EU institutions, bodies and agencies and the vendor of the affected IT solution,” the spokesperson told BleepingComputer.

Security incident

It is reported that there is no information available at the time of writing about the nature of the incident, or the identity of the attackers behind the attack.

“The Commission has set up a 24/7 monitoring services and is actively taking mitigating measures,” the spokesperson told BleepingComputer.

A forensic analysis of the intrusion attempts is still in the initial phase, and no conclusive information is available, it is reported.

“Let me use this occasion to recall that we take cybersecurity very seriously and apply strict policies to protect our infrastructures and devices,” the spokesperson reportedly said. “We investigate every incident.”

Last month the European Banking Authority (EBA) said it had temporarily disabled its email systems after discovering they had been hacked as part of an ongoing campaign targeting Microsoft Exchange servers worldwide.

The Microsoft Exchange attacks make use of multiple previously unknown security flaws that Microsoft patched in March.

Redmond said the flaws were initially exploited covertly by a Chinese state-backed group it called Hafnium.

China has said it is not involved.

Vaccine hack

In December the European Medicines Agency (EMA) was hacked, and valuable documentation concerning the Pfizer/BioNTech Covid-19 vaccine was stolen.

Hackers have been seeking data on the three leading Covid-19 vaccines for some time now, and intelligence services have been warning the attacks likely stem from nation state hackers.

The EMA subsequent revealed that some of the vaccine candidate data was doctored by by the hackers, before being leaked online to undermine the public’s trust in Covid-19 vaccines.

IBM X-Force researchers in December warned that the cold storage supply chain used to transport viable vaccines had come under cyber-attack – probably by a nation state.