Italy discovers hacker attacks but it is too late to run for cover

(by Massimiliano D'Elia) All over the world there are large-scale hacker attacks, in some cases targeting critical infrastructure and causing serious problems that are difficult to solve immediately. The phenomenon has shown, in a disarming way, the extreme vulnerability of States in the face of a virtual threat whose instigator (often of state origin) is really difficult to identify and counter on equal terms. In the United States, the attack on the largest fuel distribution network in the country and the sabotage of the control systems of the aqueducts of some northern states are just some of the "known" cases that have revealed how this new, transnational and apparently "neutral" domain of confrontation is in fact the new challenge facing our governments.

The most active hacker groups have their bases in Russia, Iran and China. The latest hacker attack carried out by the Russian group known as REvil was sensational. The action was of the ransomware kind and hit several American companies with server blocking, data theft or, worse, compromise of access keys. The return to normal usually occurs only after the payment of large sums of money in cryptocurrency, a payment method that cannot be traced. The most emblematic case was the attack last May against the largest meat supplier in the US, JBS, which had to pay $11 million in "ransom" to get back the company access keys.

The attack on the Lazio Region. During the last weekend, the Lazio Region servers were attacked and almost all the files of the CED (data centre) were blocked. The CUP (the health services booking system) and the vaccination reservation system were affected by the attack. The first investigations speak of an attack from abroad with a request for a ransom. Governor Zingaretti talks about terrorism and the most serious cyber offensive ever in the country. He also assured that there will be no negotiations with the perpetrators of the blitz. What is certain is that if we are talking about cyber terrorists it is really difficult not to pay a ransom to get the servers back up and running. In the meantime, our security services are taking charge of the difficult situation. However, the timing of the story makes you smile, because only recently, and with considerable difficulty, was the National Cybersecurity Agency established in Italy. Better late than never?

The Iranian attack. A group of hackers, which analysts claim is led by the Iranian government, used fake Gmail and Facebook profiles to break into the servers of a US defense contractor. A report released yesterday by the Californian cybersecurity company Proofpoint identified the hacker group responsible for the attacks: Threat Actor 456 (TA456).

Also known as Imperial Kitten and Tortoiseshell, TA456 is, according to Proofpoint, among the "most determined" groups acting against Iran's enemies, targeting Western defense industries that trade in the Middle East.

TA456's most recent operation relied on a simple but effective ploy. They invented a fictional profile under the name of "Marcy Flores", a woman who lived in the British city of Liverpool. This woman, with a Google and Facebook profile appropriately populated with images depicting the life of an ordinary person, contacted several employees of defense industries in the United States. One of these employees "took the bait" and began to "flirt" with Flores on Facebook starting in 2019.

In June 2021, Flores sent her "virtual lover" a video that contained a hidden link to malware known as LEMPO, designed to provide hackers with copies of files found on penetrated systems. The action took some time but in the end it paid off.

It is no coincidence that Facebook said last month that it had taken action against a group of hackers in Iran in order to stop them from using the most famous and widely used social platform in the world.

The new domain of confrontation is, as we have seen, cyberspace, a world where it is almost impossible to trace the instigators of the attacks and the places from which they launch malicious activities. A stronger cybersecurity culture and greater investment in structures and infrastructure dedicated to cybersecurity are the essential basis for trying to counter a phenomenon that is constantly growing (in 2020 there was an increase of 256%) and that spares no one. In Italy we realized this perhaps a little too late.
