An entire Italian ministry has disappeared from the web. The site of the Mite, the Ministry of Energy Transition is offline since the early afternoon of Wednesday 6 April. The homepage does not open, it is not possible to access any of the internal pages; del Mite remains only in the Google snippets.
More than 24 hours have passed at the time of writing, and still the causes of the disservice have not been communicated. It must be said that yesterday it was the head of the department himself, Roberto Cingolani, who explained that it was a precautionary measure, to stop “external threats detected on the computer network”. At Sportello Italia Recovery, on Radio1, Cingolani stated that “safety is the number one priority. In addition to energy security, as I speak to you I can tell you that we have external threats detected on the Ministry’s IT network and for prudence we had to suspend operation. of all the information systems of the ministry “. A clear admission, yes, that something is wrong.
But what or who can affect the entire IT system of an Italian ministry to the point of suggesting measures of this magnitude? When asked if it could be an attack attributable to pro-Russian cybercriminals, the Minister replied that “it is impossible to answer at this moment, there are the structures in charge that are working”. And many experts speculate that it may be a ransomware, a software that encrypts data and makes it unusable; in order to use them again, cybercriminals usually ask for a ransom.
“We must restore them as soon as possible.” This was stated by the director general of the National Cybersecurity Agency, Roberto Baldoni, host of ‘beraking latest news Live’, in the aftermath of external threats detected on the IT network of the Ministry of Ecological Transition which led to the suspension of the operation of all systems computer scientists of the ministry. “It is clear that the deeper the attack can be, we have also seen it with Ferrovie, the more time it takes to try to restore things without risk,” he concluded.
Baldoni refers to the recent hacking of Trenitalia, which paralyzed the site and slowed down internal activities. In that case it was ascertained by analysts that the attacker was the Hive group, with Russian and Bulgarian members and affiliates. As if to say: money, not ideology, even if geographically the attribution of the attack to Russia is correct. The reconstruction of the dynamics also seems correct: a ransomware would have been used.
And then there was the blocking of Sogei’s IT systems, which on March 30 took offline the sites of the Department of Finance of the Ministry of Economy and Finance, the Revenue Agency, the Customs and Monopoly Agency . Some functions of the Green Pass are not available for hours, no online bets, invoices and electronic recipes are available. Indeed, the site of the Italian Computer security incident response team (Csirt) was unreachable for some time. It was not a hacker attack, but a drop in tension, explained the General Information Society, which manages most of the IT systems of the Public Administration.
Both Sogei and Il Mite have been contacted by Italian Tech; we look forward to their comments.
(Article being updated)