Article Details
Scrape Timestamp (UTC): 2026-02-09 10:44:04.320
Source: https://www.theregister.com/2026/02/09/european_commission_phone_breach/
Original Article Text
European Commission probes intrusion into staff mobile management backend
Officials explore issue affecting infrastructure after CERT-EU detected suspicious activity.
Brussels is digging into a cyber break-in that targeted the European Commission's mobile device management systems, potentially giving intruders a peek inside the official phones carried by EU staff.
Identified by CERT-EU, the bloc's computer emergency response team responsible for defending EU institutions, the intrusion was detected on January 30 and affected infrastructure associated with centrally managed mobile devices issued to Commission staff.
The Commission said it launched an internal incident response and forensic investigation after being alerted to suspicious activity, and warned that the break-in "may have resulted in access to staff names and mobile numbers of some of its staff members."
According to the Commission, the compromised environment relates to mobile device management infrastructure, the administrative plumbing that helps IT teams keep tabs on official smartphones and other staff-issued devices. These tools usually sit deep within corporate networks and carry significant administrative privileges, allowing IT teams to enforce policies, install software, and remotely lock or wipe phones. This also makes them prime targets for attackers seeking to move deeper into a network.
The Commission said it activated cybersecurity response procedures immediately after CERT-EU raised the alarm. The incident was contained and the system cleaned within nine hours. "No compromise of mobile devices was detected," the Commission added.
The incident arrives at an awkward time for the Commission, which has spent the past several years championing sweeping cybersecurity reforms, including the rollout of the NIS2 directive and the Cyber Resilience Act, both designed to tighten security requirements across public and private sector organizations operating within the bloc.
The European Commission did not immediately respond to The Register's questions, including how many employees may have been affected, how the attackers breached the system, or whether investigators have identified the person or persons responsible. The Commission says the intrusion was contained, but investigators are likely still piecing together how attackers breached the system and assessing the scope of any potential data exposure.
Daily Brief Summary
The European Commission is investigating a cyber intrusion into its mobile device management systems, potentially exposing staff names and mobile numbers.
CERT-EU detected the breach on January 30, affecting infrastructure tied to centrally managed mobile devices for Commission staff.
The compromised system is crucial for IT management, allowing policy enforcement and remote device control, making it a valuable target for cyber attackers.
The Commission promptly activated cybersecurity response measures, containing the breach and cleaning the system within nine hours.
No mobile devices were compromised, but the incident raises concerns amid the Commission's ongoing cybersecurity reform efforts, including the NIS2 directive.
Investigators continue to assess the breach's scope and origins, with the Commission yet to disclose the number of affected employees or details on the attack's execution.
This incident underscores the importance of robust security measures for administrative systems managing sensitive data and device control.