Attack on Sogin: someone has their hands on the data of the Italian nuclear program

by admin

That last weekend was not a quiet one was clear from the apprehension over the Log4Shell flaw that threatens systems around the world. However, another disturbing piece of news did not get the media coverage it deserves: I'm talking about an attack on Sogin (Nuclear Plant Management Company), the public company responsible for the decommissioning of Italian nuclear plants and the management of radioactive waste.

The news is disconcerting if we consider that, as stated on the company website, the Group is an operator with know-how that is unique in Italy.

As I was saying, on Sunday my colleagues Marco Govoni, Dario Fadda and Claudio Sono alerted me to the presence, on a well-known hacking forum, of an ad claiming the theft of 800 GB of data belonging to SOGIN.

Figure 2 – Announcement on the hacking forum Raid Forums

Incredulous, we immediately set to work trying to verify the authenticity of the samples shared by the author of the announcement, aware that if the volume of exfiltrated data and the sensitive nature of the information were confirmed, we would be facing one of the most important data breaches suffered by a company controlled by the Italian State.

The seller is asking $250,000 in cryptocurrency for the 800 GB of data allegedly exfiltrated from the company, a pittance if we consider the strategic importance of the information and the potential risks associated with its disclosure.

There are several possible explanations: the actor may be interested in quickly monetizing the attack or, in a more complex and worrying scenario, the attackers may intend to divulge the information in order to create chaos and complicate the investigation of the breach. In the latter scenario, the malicious actors may have an interest in complicating the attribution of the attack and obscuring its purpose through a diversionary action.

Among the documents released to demonstrate the intrusion we find photos of employees, resumes, plant plans and some financial documents.

Among the files posted online as evidence of the attack there is also a text file containing an index of the information said to be in the seller's possession. Some of the released information appears to be cleartext files that include passwords, a circumstance that suggests a failure to apply minimum security requirements.

The archive appears to cover a long time span: according to an analysis published by Fadda, the attackers would be in possession of documents ranging from 2004 to 2020.

On December 13, Sogin published a press release confirming that it had suffered an attack on its information system; however, no information was provided about the nature of the intrusion.

“Rome, 13 December 2021. Sogin reports that yesterday it had evidence of a hacker attack on its computer system. The Company immediately informed the competent Authorities with which the procedures were put in place to remedy the incident and verify any violation of profiles related to privacy and data security. Sogin represents that both nuclear and conventional safety of the plants and their operation has always been guaranteed.” reads the press release.

Behind the announcement of the attack we find a user named zerox296, known to the global security community for claiming the theft of 1 terabyte of data from the oil giant Saudi Aramco months ago.

The volume and the time span of the stolen information are extremely worrying. Recall that Sogin has active collaborations with other strategic Italian companies such as Leonardo and Saipem that provide services to sectors such as national critical infrastructure.

What could happen if the stolen information ends up in the hands of an attacker?

The answer is very troubling: there could be repercussions on national security for many reasons, primarily because this is an impressive amount of information relating to national critical infrastructures, which are potential targets for nation-state actors, cybercriminal groups and activists.

The information could be used for espionage on the activities of the Italian government and of organizations of primary importance that are connected to Sogin in various capacities.

We are talking about the information assets relating to plants involved in the development of the national nuclear program in recent decades.

Equally dangerous is the scenario of an attack for the purpose of sabotage: among the information managed by the company are documents that describe the methods of storing radioactive waste and the plans of the processing and storage plants. This information could be used by terrorist groups or activists for demonstrative attacks.

We could go on for hours citing the risks of exposing this information; the reality is that we are facing a very worrying attack that needs the utmost attention from the institutions in order to avoid catastrophic repercussions in the coming months.
