Pierluigi Paganini
February 10, 2017
The Italian Foreign Ministry was the victim of a targeted cyber espionage campaign, according to The Guardian newspaper who cited a diplomatic source that has spoken on condition of anonymity.
According to the source, the attack was launched by a nation-state actor, likely Russia.
“Russia is suspected by Italian officials of being behind a sustained hacking attack against the Italian foreign ministry last year that compromised email communications and lasted for many months before it was detected, according to people familiar with the matter.” reported The Guardian.
The source revealed that after the experts discovered the attack, the foreign ministry has introduced further security measures to improve its online “architecture” and the internal security. At the time I was writing there is no technical information about the attack neither the way the experts discovered the intrusion.
The hackers targeted the foreign ministry’s “field offices”, including embassies and staff members, they used a malware to spy on their systems and exfiltrate sensitive information.
“The official did not confirm that Moscow was behind the attack. But two other people with knowledge of the attack said the Russian state was believed to have been behind it. The hacking is now the subject of an inquiry by the chief prosecutor in Rome.” continued The Guardian.
“There were no attacks on the encrypted level. So the information – delicate, sensitive information – that is usually shared in this net, which is restricted by code, has never been attacked or part of this attack,” the government official said.
Security experts believe that the Russian Government is conducting a wide-range espionage activity in order to gather intelligence information on EU states and NATO members, the list of victims includes France, Germany, the Netherlands and Bulgaria,
Recently France the Defense Minister Le Drian expressed concerns about cyber attacks against defense systems and warns of hacking campaigns launched by Russian hackers on the upcoming elections.
Back to the present, the Italian source, who has close ties to the Foreign Ministry, confirmed that the cyber espionage campaign “did not affect the encrypted information system used to exchange the most sensitive information” but did affect “email accounts of ministry employees and the embassies”.
An Italian government official confirmed that the cyber attack occurred during last spring when Paolo Gentiloni who was serving as foreign minister, and the campaign lasted for more than four months. The official added that the hackers but did not infiltrate the encrypted system used for classified communications neither the Gentiloni’s account.
Paolo Gentiloni, the Italian prime minister who was serving as foreign minister at the time, was not affected by the cyber attack. It is very strange the version provided by the Italian official who explained that Gentiloni avoided using email while he was foreign minister.
If true, which was the channel used by the Prime Minister Gentiloni? Why he avoided using the Government email that is monitored by the Government IT staff?
The Russia’s foreign ministry denied the involvement in the attack and said there were “no facts to prove this claim.”
I fear that also other nation-state actors may have breached our systems, Chinese hackers, North Korean Cyber army and Iranian hackers are other actors that have to be monitored carefully.
[adrotate banner=”9″]
(Security Affairs – Italian Foreign Ministry, cyber espionage)
