Europol, the European Union’s law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data.
EPE is a web-based platform that law enforcement experts use to “share knowledge, best practices and non-personal data on crime.”
“Europol is aware of the incident and is assessing the situation. Initial actions have already been taken. The incident concerns a Europol Platform for Expert (EPE) closed user group,” Europol told BleepingComputer.
“No operational information is processed on this EPE application. No core systems of Europol are affected and therefore, no operational data from Europol has been compromised.”
BleepingComputer also asked when the breach occurred and whether it is true that FOUO and classified documents were stolen as claimed by the threat actor, but a response was not immediately available.
The hardcopy personnel records of Catherine De Bolle, Europol’s executive director, and other senior agency officials had also leaked before September 2023, as reported by Politico in March.
“On Sep. 6, 2023, the Europol Directorate was informed that personal paper files of several Europol staff members had disappeared,” a notice dated September 18 and shared on an internal message board system stated.
“Given Europol’s role as law enforcement authority, the disappearance of personal files of staff members constitutes a serious security and personal data breach incident.”
At publication time, the EPE website was offline, and a message stated the service was unavailable because it was under maintenance.
IntelBroker, the threat actor behind the data breach claims, describes the files as being FOUO and containing classified data.
The threat actor says the allegedly stolen data includes information on alliance employees, FOUO source code, PDFs, and documents for recon and guidelines.
They also claim to have gained access to EC3 SPACE (Secure Platform for Accredited Cybercrime Experts), one of the communities on the EPE portal, hosting hundreds of cybercrime-related materials and used by over 6,000 authorized cybercrime experts from around the world, including:
- Law enforcement from EU Member States’ competent authorities and non-EU countries;
- Judicial authorities, academic institutions, private companies, non-governmental and international organizations;
- Europol staff
IntelBroker also says they compromised the SIRIUS platform used by judicial and law enforcement authorities from 47 countries, including EU member states, the UK, countries with a cooperation agreement with Eurojust, and the European Public Prosecutor’s Office (EPPO).
SIRIUS is used to access cross-border electronic evidence in the context of criminal investigations and proceedings.
Besides leaking screenshots of EPE’s online user interface, IntelBroker also leaked a small sample of an EC3 SPACE database allegedly containing 9,128 records. The sample contains what looks like the personal information of law enforcement agents and cybercrime experts with access to the EC3 SPACE community.
“PRICING: Send offers. XMR ONLY. Message me on the forums for a point of contact. Proof of funds is required. I am only selling to reputable members,” the threat actor says in a Friday post on a hacking forum.
Who is IntelBroker?
Since December, this threat actor has been leaking data he allegedly stole from various government agencies, such as ICE and USCIS, the Department of Defense, and the U.S. Army.
It is unclear whether these incidents are also linked to the alleged April 2024 Five Eyes data leak, but some of the data dumped in the ICE/USCIS forum post overlaps with the Five Eyes post.
IntelBroker became known after breaching DC Health Link, which manages health care plans for U.S. House members, staff, and families.
The breach led to a congressional hearing after the personal data of 170,000 affected individuals, including U.S. House of Representatives members and staff, was exposed.
Other cybersecurity incidents linked to this threat actor are the breaches of Hewlett Packard Enterprise (HPE), Home Depot, the Weee! grocery service, and an alleged breach of General Electric Aviation.
Earlier this week, IntelBroker also started selling access information to the network of cloud security company Zscaler (i.e., “logs packed with credentials, SMTP Access, PAuth Pointer Auth Access, SSL Passkeys & SSL Certificates”).
Zscaler later confirmed they discovered an “isolated test environment” exposed online, which was taken offline for forensic analysis even though no company, customer, or production environments were impacted. Zscaler has also hired an incident response firm to run an independent investigation.