ThreatIT Team Reports: Using a newly engineered Trojan, planted on computers via USB keys, the attackers stole about 10 gigabytes of classified data and information of significant business value over almost two years, between May 2015 and January 2017. This is what has emerged from the news about the hacker attack now being investigated by the Naples Public Prosecutor’s Office.
The workstations targeted by the hackers held the user profiles of many employees, some with managerial duties, who were engaged in business activities producing goods and services of strategic importance for the security and defence of the country, such as projects for the electronic systems of military aircraft.
Cyber Attack on Leonardo S.p.A
In January 2017, Leonardo’s cyber security structure reported anomalous outgoing network traffic from some workstations at the Pomigliano D’Arco plant, generated by a software artifact named “cftmon.exe” that was unknown to the company’s antivirus systems. The anomalous traffic was directed to a web page at “www.fujinama.altervista.org”, whose preventive seizure was requested, ordered and has now been carried out.
According to Leonardo’s first complaint, the anomaly was limited to a small number of workstations and involved the exfiltration of data deemed not significant. Subsequent investigations have reconstructed a much more extensive and severe scenario.
The investigations showed that, for almost two years (between May 2015 and January 2017), Leonardo’s IT infrastructure had been the target of a targeted and persistent cyber attack (an Advanced Persistent Threat, or APT): malicious code was installed on the target systems, networks and machines to create and maintain active communication channels that allowed the silent exfiltration of significant quantities of data and information classified as having significant corporate value.
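As an added triage example (not code from the original report or from Leonardo), the following Python script scans Sysmon-style network-connection records for the two indicators the report names, cftmon.exe and www.fujinama.altervista.org, plus two generic signs of the pattern described above: a process name that is one edit away from a legitimate Windows binary (cftmon.exe is a transposition of ctfmon.exe, the Windows CTF loader, which is the editor's observation rather than a finding stated in the report) and a host that keeps sending data to the same destination until the cumulative volume crosses a threshold. The CSV layout, the hostnames, the allowlist and the 1 MB threshold are assumptions chosen for illustration; the log lines are constructed.

```python
"""Triage of Sysmon-style network-connection records against the indicators
reported in the Leonardo case.

Added example. Flags (1) the two indicators named in the report, (2) process
names one edit away from a legitimate Windows binary, and (3) hosts whose
cumulative outbound volume to one destination exceeds a threshold. The log
layout, allowlist and threshold are assumptions made for illustration.
"""
import csv
import io
import ntpath
from collections import defaultdict

# Indicators taken from the report itself.
IOC_DOMAINS = {"www.fujinama.altervista.org"}
IOC_PROCESSES = {"cftmon.exe"}

# Legitimate Windows binaries that malware commonly imitates by name
# (assumption: a short allowlist for illustration, not a full inventory).
KNOWN_GOOD = {"ctfmon.exe", "svchost.exe", "explorer.exe", "lsass.exe"}

# Constructed sample records in a Sysmon Event ID 3-like CSV layout.
# Hostnames, paths, timestamps and byte counts are made up for the example.
SAMPLE_LOG = r"""ts,host,image,dest_host,bytes_out
2017-01-10T08:01:00,WS-POM-17,C:\Windows\System32\ctfmon.exe,update.microsoft.com,1200
2017-01-10T08:02:11,WS-POM-17,C:\Users\user\AppData\Roaming\cftmon.exe,www.fujinama.altervista.org,524288
2017-01-10T20:15:42,WS-POM-17,C:\Users\user\AppData\Roaming\cftmon.exe,www.fujinama.altervista.org,786432
2017-01-11T09:00:03,WS-POM-22,C:\Windows\System32\svchost.exe,windowsupdate.microsoft.com,4096
2017-01-11T09:30:27,WS-POM-22,C:\Users\user\AppData\Roaming\cftmon.exe,www.fujinama.altervista.org,10240
"""


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one substitution, insertion,
    deletion or adjacent transposition (e.g. cftmon.exe vs ctfmon.exe)."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        diffs = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diffs) == 1:
            return True  # single substitution
        return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])
    # Lengths differ by one: allow exactly one insertion/deletion.
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    i = j = 0
    skipped = False
    while i < len(short) and j < len(long_):
        if short[i] == long_[j]:
            i += 1
            j += 1
        elif skipped:
            return False
        else:
            skipped = True
            j += 1
    return True


def lookalike_of(image: str):
    """Return the legitimate name a process name imitates, or None."""
    name = ntpath.basename(image).lower()
    if name in KNOWN_GOOD:
        return None
    for good in KNOWN_GOOD:
        if within_one_edit(name, good):
            return good
    return None


def analyze(log_text: str, exfil_threshold: int = 1_000_000) -> dict:
    """Return IOC hits, lookalike process images and suspected exfiltration.

    Volume is aggregated per (host, destination) across the whole log, which
    is what surfaces a slow, long-running exfiltration that individual
    connections would not reveal."""
    ioc_hits, lookalikes = [], {}
    volume = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        name = ntpath.basename(row["image"]).lower()
        dest = row["dest_host"].lower()
        if dest in IOC_DOMAINS or name in IOC_PROCESSES:
            ioc_hits.append((row["ts"], row["host"], name, dest))
        good = lookalike_of(row["image"])
        if good:
            lookalikes[row["image"]] = good
        volume[(row["host"], dest)] += int(row["bytes_out"])
    exfil = {k: v for k, v in volume.items() if v > exfil_threshold}
    return {"ioc_hits": ioc_hits,
            "lookalikes": sorted(lookalikes.items()),
            "exfil": exfil}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

The per-(host, destination) aggregation is the check to keep: the report says the first complaint saw only a few workstations and an insignificant amount of data, and it is the cumulative volume over a long window, not any single connection, that separates a minor anomaly from a two-year exfiltration.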
Two precautionary measures were served on a former employee and a manager of Leonardo S.p.A. (an Italian company active in the defence, aerospace and security sectors), who are believed to be involved in a serious attack, begun in 2015, on the IT infrastructure of the Aerostructures Division and the Aircraft Division.
Suspect Arrested in the Investigation of the Cyber Attack on Leonardo S.p.A:
Arturo d’Elia, the former Leonardo S.p.A. employee for whom the investigating magistrate today ordered jail, had previously carried out a cyber attack on a NATO base located on Italian territory. He was proud enough of that action to list it on his resume, without specifying that he had been convicted for precisely that cyber crime. Nonetheless, he went on to work in Leonardo S.p.A.’s IT security.
The recipients of the precautionary measures are the former IT security manager of Leonardo S.p.A., for whom the investigating magistrate ordered prison, and the head of Leonardo S.p.A.’s CERT (Cyber Emergency Readiness Team), the body responsible for handling the cyber attacks suffered by the company, who was placed under house arrest. The former employee is charged with unauthorised access to a computer system, unlawful interception of electronic communications and unlawful processing of personal data, together with the crime of misdirection (obstruction of the investigation).
Leonardo S.p.A. Responds to the Cyber Attack:
Data not compromised, we are the injured party. Leonardo released a statement regarding the hacker attack: “With regard to the current measures adopted by the Naples judiciary, Leonardo announces that the investigation was triggered by a complaint presented by the company’s own security, which was followed by others. The measures concern a former collaborator who is not employed by Leonardo and a non-executive employee of the company. The Company, obviously the injured party in this affair, has provided since the beginning and will continue to provide the maximum collaboration to the investigators to clarify what happened and for its own protection. Finally, it should be noted that classified data, i.e. strategic data, is processed in segregated areas and therefore without connectivity, and in any case is not present on the Pomigliano site.”