Attackers stole sensitive info such as usernames and passwords

Nov 22, 2018 00:02 GMT

500,000 certified Italian public administration emails were compromised by hackers who specifically targeted the Italian Comitato Interministeriale per la Sicurezza della Repubblica (CISR), as reported by Difesa e Sicurezza.

Although CISR was the primary target, the hackers also compromised certified emails related to other Italian public administration agencies, according to Roberto Baldoni, the Deputy Director of the Department for Security Information (DIS).

Baldoni also stated that the adversaries showed all the signs of being organized as a cyberespionage group, hinting at the possibility that an advanced persistent threat (APT) group with ties to a nation-state was behind this hacking incident.

Out of the total of 500,000 emails compromised by the adversaries, 89,000 CISR-related email accounts and 9,000 emails of Italian magistrates showed clear evidence of tampering after the attack.

To give an idea of the entities targeted by the attack, the President of the Council of Ministers, the delegated authority, the Minister of Foreign Affairs, the Minister of the Interior, the Minister of Defense, the Minister of Justice, the Minister of Economy and Finance, and the Minister of Economic Development are all CISR members.

The hackers exfiltrated usernames and encrypted passwords

"In a risk management system we start to secure the critical assets of the country system. We start from CISR and then we enlarge," Baldoni stated.

"We focused mainly on closing the problem and re-establishing the systems, which are still in place. The post police are carrying out investigations to trace those responsible, who do not come from Italy."

Even though the actors behind the targeted attack did not use complex hacking tools to compromise roughly half a million emails, they did manage to exfiltrate sensitive data such as usernames and passwords.

"This was the worst attack we have had since January this year and it has had important repercussions, but ... the situation is under control," Baldoni told Reuters.

Despite that, the IT systems of all Italian appeal courts were shut down after the cyber attack, and all Italians who had their emails hacked were advised to immediately change their passwords to prevent further access to their accounts.