The cyber gang that signs itself with the nickname “adrastea” is claiming possession of data relating to confidential projects of the Italian Army and our Ministry of Defense. From the samples, however, it seems to be an unfounded alarm. Let’s analyze what happened and the activity of this underground group.
Data relating to confidential projects of the Italian Army and the Ministry of Defense is reportedly for sale online: the claim is signed by the criminal group that calls itself Adrastea and has been published, complete with a sales announcement, on some Russian-language underground forums.
From a first analysis of the samples, however, the claim seems to be without foundation.
Adrastea sells sensitive data from the Ministry of Defense
“We sell confidential data from “guerra.difesa.it” (Italian Ministry of Defense) relating to the command management system of the units of the Italian Ministry of Defense C2EIEVO, SIACCON”. This is the text that can be read in the opening post of the new thread, which since Friday does not seem to have received any replies.
The author, “adrastea”, goes on to claim possession of information on the activities of military intelligence units (RAIT, the integrated terrestrial analysis department); on the system those units use to collect and exchange intelligence data (HUMINT, SIGINT, OSINT), FAS JISR (Joint Intelligence, Surveillance and Reconnaissance); on IKM, the systems for organizing and controlling analytical intelligence data; and on the NATO military program “MAJIIC-2”.
The post is written in English, although the forum on which it was found is typically Russian-speaking. From initial evidence, and from the samples published to demonstrate the hypothetical data breach, however, it does not seem to be a leak of sensitive data: even the screenshots seem to refer to documents that are publicly available directly from official sources.
Activities of the cyber gang “adrastea”
The one who appears to be the spokesperson for a cybercriminal group signs his claims in the name of “adrastea”. This entity made itself known about a week ago with a further claim, again through underground forums, in which an attempt was made to sell about 84 GB of sensitive data concerning MBDA, the main European consortium for missile production in the defense sector. Based in Paris, the consortium is also 25% owned by Italy through Leonardo SpA.
In this case, however, the MBDA consortium officially denied “the hacker attack on its computer systems”, publishing a press release confirming that there has been no external tampering with the network infrastructure.
However, on a careful reading, the press release itself at the same time confirms that the claimed data breach is real, stating with certainty that it has traced the data for sale online to the contents of an external hard disk, of which (we imagine) physical control has been lost.
It is, therefore, necessary to remember that the alert “bar” for this kind of event has not changed, especially in the case of sectors that are strategic for national security, such as defense.
In fact, a data breach, whether caused by cyber intrusion or by theft/loss of physical devices, is always a loss of data. And if that data contains sensitive information (employee data, internal contacts, internal documents of non-public projects), it is and remains a security problem, on which, in fact, investigations are still continuing.