For some time now there has been a spate of hacker attacks on Italian institutions that shows no sign of subsiding, as demonstrated by the very recent hacker attack on the University of Pisa.
It is a second wave, after a first set whose most sensational action was the offensive against the Lazio Region. It was so sensational that the President of the Region, Nicola Zingaretti, declared it “The most serious cyber offensive ever in the country”, as well as the “most serious attack ever against a public administration”.
The Killnet Attacks
A second series of criminal cyber actions was overtly political in nature. It is no coincidence that it began with the Russian invasion of Ukraine, and with the fact that our country has openly sided with the besieged population.
In this case, the hackers of the very young Killnet group, ideologically close to Moscow, were the architects of the cyber attacks.
The attack method had changed compared to the previous ones: no longer ransomware offensives but DDoS, which overwhelms systems with an exorbitant number of requests in a very short time.
During the month of May, Killnet put a strain on the IT structures of various institutional sites or sites of primary importance. These include the sites of the Senate and Defense, that of the State Police, those of the Superior Council of the Judiciary and the Customs Agency, and those of the airports of Linate, Malpensa and Orio al Serio, in addition to the sites of three ministries: Foreign Affairs, Education and Cultural Heritage.
The hacker attack on the University of Pisa
Then, on Monday 13 June, came another hacker attack, this time against the University of Pisa.
For now the offensive is shrouded in a certain mystery, also because the University has not yet released any statement on the matter.
It is certainly a qualitative leap, or rather a return to the past, compared to the offensives of the Killnet group, which, with DDoS-type actions, slowed down or blocked the targeted sites but did not cause permanent damage to IT structures or, above all, steal data.
With the hacker attack on the University of Pisa we have instead returned to ransomware-type offensives, which are not only demonstrative acts but involve the theft of data and a ransom demand under the threat of publishing that data.
In the case of the hacker attack on the University of Pisa, that threat has already become a reality.
In the late afternoon of Sunday 12 June, in fact, the BlackCat group claimed the action on its website on the dark web. And not only that: on the morning of June 13, BlackCat also published some screenshots of the stolen data. These include, for example, some credentials (including passwords) for online services offered by the university, in addition to files containing sensitive data of students and researchers of the University.
From Palermo to Pisa
Here we are, again, facing ransomware-type attacks, such as the one in recent days against the Municipality of Palermo.
There the offensive was launched by the Vice Society group, which seems to have published part of the stolen data after no agreement was reached with the Municipality on the amount of the ransom to be paid in Bitcoin.
The amount of data published is large, and is easily available on the dark web through the Tor browser, without the need for any credentials.
Exposed to anyone are names, email addresses and qualifications of municipal employees, clinical and health information, and also telephone numbers, identity cards and passports.
Moreover, the attack on the Municipality of Palermo created problems and delays in the voting operations on Sunday 12 June, when the administrative elections were held.
Who is BlackCat
The BlackCat ransomware group, also known by the double name BlackCat/ALPHV, started operating last year with the powerful ransomware of the same name.
The group is believed to be in some way connected to the DarkSide/BlackMatter collective, which in May 2021 hacked the infrastructure of Colonial Pipeline, an oil pipeline that serves the southern United States.
And so, while in recent days we have wondered whether Killnet’s DDoS attacks were just signs of something more serious to come, or were the best that the group of young Russian criminals is capable of, today we are grappling again with ransomware-type offensives: actions that are not only demonstrative, but which definitely leave their mark.
Let us hope that a third season of hacking is not opening.