Cybercrime, Sogei reassures: "No hacker attack on the Revenue Agency"

"There are no cyber attacks or data stolen from the institution's platforms and technological infrastructures." But the Rome Public Prosecutor's Office opens an investigation: the LockBit cybergang is in the crosshairs. Baldoni (ACN): "The tax system is in excellent health" 26 Jul 2022 Federica Meta Journalist

No cyberattacks on the Revenue Agency, nor have data been stolen. If anything, at least as it seems from the first findings, the profile of a professional would have been hacked but without being able to "pierce" up to the public data of the Agency. After a day of alarm and investigations, Sogei, contacted by Hades as soon as the news of the intrusion had spread, reassures. "From the first analyzes carried out – informs Sogei – cyber attacks do not appear to have occurred nor data have been stolen from the platforms and technological infrastructures of the Financial Administration". The breach through which, according to the first information, 78 gigabytes of data would have been stolen from the administration is therefore excluded. In any case , investigations by the Postal Police continue while the Rome Public Prosecutor's Office has launched an investigation. In the crosshairs the cybergang LockBit, a group of hackers that some believe operates for Russia, active in ransomware attacks. Index of topics • Commentary by Roberto Baldoni (ACN) • What happened • LockBit, who is cybergang The comment of Roberto Baldoni (Acn) "The tax system is in excellent health – said the director of the National Agency for Cybersecurity, Roberto Baldoni, to Tg1 – We imagine that the attacker is a third party that somehow works with the Revenue Agency, but on this there are ongoing investigations".

What happened LockBit would have announced on the dark web that it had stolen 78 gigabytes of data from the Revenue Agency through malware, ordering a five-day ultimatum for the payment of the ransom for the return of documents, scans, financial reports and contracts, of which sample screenshots of the stolen material will soon be published. To detect the intrusion Swascan, pole of the Tinexta group. The Revenue Agency therefore immediately requested the intervention of Sogei. "With reference to the news that appeared on social media and taken up by some media outlets about the alleged theft of data from the tax information system - reads an official note - the Revenue Agency specifies that it immediately asked for feedback and clarifications from Sogei Spa, a public company wholly owned by the Ministry of the Economy and Finance, which manages the technological infrastructures of the financial administration and which is carrying out all the necessary checks". LockBit, who is cybergang Lockbit 3.0, as the name suggests, is the third incarnation of a gang of cyber criminals who specialize in ransomware attacks. Born in 2019, it is one of the most active collectives dedicated to this type of cyber crime in 2022. Suffice it to say that, according to a study recently published by Swascan – part of the cyber hub of Tinexta Group – 30.2% of all ransomware attacks in the second quarter of 2022 are attributable to this group. "Lockbit has definitely established itself as one of the leading threat actors in the cyber threat landscape of 2022. Its decentralized and highly efficient nature has allowed it to establish itself quickly, surpassing even other 'known' names in this field such as the pro-Kremlin gang Conti", explains Swascan CEO Pierguido Iezzi. "Lockbit, like other large groups of this kind operate in a similar way to companies, so much so that this 'cyber crime cartel' has even equipped itself with a bug-hunting program. Profits and brand reputation are at the heart of these cybercriminals, so much so that at the beginning of the war in Ukraine they wanted to support their apoliticity with a press release repudiating any kind of militant engagement in the conflict.