A hacker group with ties to Russia has claimed responsibility for a recent ransomware attack targeting the Italian energy industry. Rome said this could be related to Russia’s invasion of Ukraine.
In a post on the so-called dark web, the BlackCat group said it had stolen 700 gigabytes of data from a network controlled by Italy’s GSE energy agency, and threatened to release the information online if its demands were ignored. Attached to the post were several images of what appeared to be internal documents. The scale of BlackCat’s extortion demands was not immediately apparent.
Also known as ALPHV, the group infiltrates victims’ computers and uses malicious software to encrypt the files stored on them, making them inaccessible. The gang then demands payment to unlock the files. In recent months, BlackCat has targeted a variety of companies, including law firms, building contractors, video game makers, and technology suppliers. The group is also known for attacks on the energy sector.
In July, BlackCat breached Luxembourg-based gas and energy provider Creos Luxembourg and its parent company Encevo SA. In February, a hacker affiliated with the same cybercriminal group infected computers at Mabanaft GmbH and Oiltanking GmbH.
Luxembourg’s main energy supplier admitted in August that hackers had exposed a large amount of customer data on the dark web, and advised customers to closely monitor their bank accounts and change passwords for online services. A cybersecurity firm linked the Encevo attack to BlackCat.
Italy’s GSE announced earlier this week that it had been compromised and had shut down some of its IT systems. Among other functions, the GSE is one of the government agencies responsible for the operation of the Italian electricity market.
On Wednesday, Italian giant Eni SpA announced that its computer network had been hacked, adding that the impact was minor. To date, no one has claimed responsibility for the attack. Prime Minister Mario Draghi has since called a meeting with Italian officials to discuss the incident.
Foreign Minister Luigi Di Maio said on Friday that cyber-attacks against companies in Western Europe are on the rise in the wake of Russia’s invasion of Ukraine. The minister added that the attack was part of a destabilizing strategy seen since the February invasion, but did not specify its source.
Researchers from Unit 42, a cybersecurity team at Palo Alto Networks Inc., have linked BlackCat members to Russia, pointing out that the group communicates with its members or affiliates in Russian and is known to be active on Russian cybercrime forums.
It is unclear whether the BlackCat gang operates under the direction of the Russian government. The group may have members or affiliates based outside the country, according to cybersecurity researchers. The links between the Russian cybercrime world and the country’s intelligence services are notoriously murky.
According to Brett Callow, a threat analyst at cybersecurity firm Emsisoft, the BlackCat gang has links to another ransomware group named DarkSide, which compromised Colonial Pipeline Co. last year. Callow said BlackCat’s targeting of energy companies is particularly dangerous. Such an attack could disrupt power and gas supplies.
For example, after the DarkSide hack, Colonial Pipeline closed the nation’s largest fuel pipeline for several days, causing fuel shortages across the East Coast. According to Callow, hackers don’t always know or care about the impact of their attacks.
Last April, the U.S. Treasury Department announced sanctions against Russia, claiming that the country’s FSB intelligence services “train and recruit criminal hackers” to engage in “destructive ransomware attacks and phishing campaigns.”
©2022 Bloomberg LP