European Commission hit by cyber attack targeting mobile presence

Central mobile device infrastructure hit in late January

Pro

The European Commission was targeted by a successful cyber attack on its central mobile device infrastructure in late January.

Attackers, who were not identified in a press release, were able to access names and phone numbers of employees for nine hours.

The incident took place on 30 January and was disclosed late last week.

No intrusion into the mobile devices themselves was involved, according to the Commission.

The attack fits a broader pattern. Europe, like businesses, faces cyber and hybrid attacks every day, the Commission said. “This makes strengthening digital defences and security a priority.”

Ten days before the attack, on 20 January, the Commission presented rules to strengthen the Union’s collective defence. These measures are being implemented under the NIS2 Directive.

It is not known how many attacks European government agencies face on a monthly basis and to what extent they manage to identify the perpetrators.

The European Commission uses Ivanti Endpoint Manager Mobile (EPMM) as its central mobile management solution. The attack likely exploited the critical vulnerability CVE-2026-1281 in EPMM, a zero-day exploit, was revealed via a message from the Dutch National Cyber Security Centre.

Emerce

Read More: cyber security European Commission NIS2 security