After LockBit’s claim of attacking the Italian Revenue Agency on the 25th, an investigation done by the Red Hot Cyber (RHC) open-news project has revealed that the stolen data is from another Italian organisation, GESIS Srl. The investigation discovered that the threat actor who stole the data was an affiliate and when asked if they were sure that the data was from the Italian Revenue Agency, LockBit responded by saying they needed time to verify it as it was from an affiliate. RHC then discovered a connection between the Revenue Agency and Studio Teruzzi during an analysis of the Studio Teruzzi post on the LV ransomware data leak. Both posts seemed to have a connection to GESIS Srl.
This connection was later confirmed on Monday 25th of July 2022 by GESIS Srl when they released a press release stating the data published on the LockBit data leak site under the Italian Revenue Agency posting was from one of their servers that had been a subject of a recent cyber-attack attempt that was aimed at encrypting their files and data exfiltration, with a relative ransom note.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.