**European Commission Probes Cyberattack on Mobile Device Management System**

The European Commission is investigating a cyberattack after detecting signs that its mobile device management system was compromised.

According to an advisory issued by the organization, on January 30th, the Commission's central infrastructure managing mobile devices identified traces of a cyber-attack, which may have resulted in access to staff names and mobile numbers of some of its staff members.

The Commission swiftly responded to the incident, containing and cleaning the system within nine hours. Fortunately, no compromise of mobile devices was detected.

While the investigation is ongoing, it has been revealed that attackers could use the stolen data to launch targeted vishing and phishing attacks by impersonating colleagues or officials to steal credentials.

The stolen data also enables reconnaissance for spear phishing or physical targeting of key personnel. Furthermore, GDPR violations and reputational damage undermine the Union's cyber credibility.

This incident is not an isolated one, as the European Commission has been a target of cyberattacks in the past. In April 2021, a spokesperson confirmed that multiple EU institutions, agencies, and IT infrastructure were hit by a severe IT security incident.

The authorities did not disclose any details about the type of threats that hit the institutions or the alleged threat actors behind the attack.

An official also revealed that staff was recently warned of an ongoing phishing campaign against EU representatives. The investigation is being led by the European Computer Emergency Response Team (CERT-EU), which will determine the extent of the breach and recommend measures to improve cybersecurity within the Commission.

**The Impact**

The stolen data, including staff names and mobile numbers, can be used for targeted attacks, such as vishing and phishing. Attackers may use this information to impersonate colleagues or officials, tricking victims into divulging sensitive credentials.

The incident also highlights the importance of robust cybersecurity measures within critical services and institutions. The European Commission's commitment to safeguarding EU systems is evident in its swift response to the breach and ongoing efforts to strengthen cybersecurity.

**The Investigation**

While the investigation is still underway, CERT-EU is working closely with the European Commission to determine the extent of the breach and recommend measures to improve cybersecurity within the organization.

The European Commission will continue to monitor security, strengthen cybersecurity, and review the incident to improve protections, reflecting its commitment to safeguarding EU systems amid ongoing cyber threats.

**Stay Informed**

Follow me on Twitter: @securityaffairs and Facebook and Mastodon for the latest updates on this story and other cybersecurity news.