The European Commission was the victim of a cyber-attack targeting its Atlas project database. For information, the latter is a directory that groups together the contact details of IT experts in Europe. On August 5, a copy of this data was put up for sale on a forum. Subsequently, the European Commission launched an investigation into the violation of this project.
Launched in 2018, the Cybersecurity Atlas project is a knowledge management platform to stimulate, categorize and map collaboration between European experts. It allows them to be listed and to register on the website to create cyber projects common to different countries of the European Union. It is accessible to everyone: academics, researchers and companies, who leave their contact details there for free.
Recall of facts
The Zetas site and The Record journalists spotted the data leak. Someone was able to access the data by posting a discussion thread on a forum. The individual mentioned that he owns all of the European Union’s project databases, noting that he would sell it on Discord. The latter is a very popular discussion platform. The data on this site then became public and visible to all Internet users. With the help of Kelvin Security, The Record confirmed that the hacker had all the data. Journalists have verified the authenticity of these. And indeed, the hacker had the list of members of cybersecurity companies, government organizations, research centers and universities in Europe. It also held the addresses of the organizations, the full names of the contact persons, the details of the institutions, the passwords, the geolocation and the e-mail addresses of the experts. Blogs also contain information on Hacking Provence associations, members of the North Atlantic Treaty Organization (NATO) and universities such as Aix-Marseille.
The hacker did web scrapping which consists of extracting information available for referencing. He directly extracted the data from Brussels. He launched watering hole and phishing attacks. He tricked the legitimate website into infecting visitors’ computers from the European Commission portal. According to The Record, the hacker entered the computer systems of the Cybersecurity Atlas site.
The hacker would have penetrated the servers of the databases of the European Commission. He had access to the back-end of Cybersecurity Atlas. If the hacker had gone further, he could have attacked each expert individually. A spokesperson for the European Commission said the organization has already taken action, in partnership with CERT-EU (Computer Emergency Response Team for the EU Institutions), the emergency response team. It is a response and alert center for computer attacks and data breaches. Its role is to analyze incidents. At the moment, the site is offline and undergoing maintenance.