Suspected Russian Ransomware Group Hacks Italian Energy Agency
The so-called BlackCat group has targeted a wide range of companies in recent months, including law firms, building contractors, a video game maker and technology suppliers.
September 2, 2022
(Bloomberg) -- A hacker group with links to Russia has claimed responsibility for a recent ransomware attack targeting Italy’s energy industry, amid an escalation the Rome-based government says could be related to the Russian invasion of Ukraine.
In a post published on the so-called dark web, the BlackCat group said it stole 700 gigabytes of data from networks controlled by Italy’s GSE energy agency, and threatened to publish the information online if its demands were ignored. The post was accompanied by several images of what appeared to be internal documents. The size of BlackCat’s extortion demand wasn’t immediately clear.
GSE said earlier this week that it suffered a breach, resulting in the company shutting down some IT systems. In addition to other functions, GSE is one of the government agencies responsible for running Italy’s electricity market.
On Wednesday, Italian giant Eni SpA said that its computer networks had been hacked, adding that the consequences appeared to be minor. No one has claimed responsibility for that attack to date. Prime Minister Mario Draghi later convened a meeting with top Italian officials to discuss the incidents.
Foreign Minister Luigi Di Maio said on Friday that cyberattacks on western European companies have risen following the Russian invasion of Ukraine. The minister added that the attacks are part of a destabilization strategy seen since the invasion in February, without specifying their source.
Researchers at Unit 42, a cybersecurity team at Palo Alto Networks Inc., have linked BlackCat’s members to Russia, pointing out that the group communicates with its members or affiliates in the Russian language and is known to operate on Russian cybercrime forums.
The BlackCat group, also known as ALPHV, breaks into its victims’ computers and uses malicious software to encrypt files stored on them so that the files cannot be accessed. The gang then demands payment to unlock the files.
BlackCat has targeted a wide range of companies in recent months, including law firms, building contractors, a video game maker and technology suppliers. The group is also known for attacks on the energy sector.
It’s unknown whether the BlackCat gang operates under the direction of the Russian state. The group may have some members, or affiliates, who are based outside the country, according to cybersecurity researchers. Connections between the Russian cybercrime world and the country’s intelligence agencies are notoriously muddy.
In July, BlackCat breached Luxembourg-based gas and energy provider Creos Luxembourg and its parent company Encevo SA. In February, hackers affiliated with BlackCat infected computers at Mabanaft GmbH and Oiltanking GmbH.
The BlackCat gang has links to another ransomware group named DarkSide, which last year breached Colonial Pipeline Co., according to Brett Callow, a threat analyst at cybersecurity firm Emsisoft. Callow said BlackCat’s targeting of energy companies stands out as particularly dangerous, as it’s possible for such attacks to disrupt supplies of electricity or gas.
After the DarkSide hack, for instance, Colonial Pipeline shut down the largest fuel pipeline in the US for several days, resulting in fuel shortages across the East Coast. The hackers, Callow said, aren’t always in a position to know the impact their attacks will have, and may not even care.
In April last year, the US Treasury issued sanctions against Russia and alleged that the country’s FSB intelligence agency “cultivates and co-opts criminal hackers” and enables them “to engage in disruptive ransomware attacks and phishing campaigns.”