Was there or was there no theft of data to the detriment of the Revenue Agency? On the one hand there is the Lockbit group, which in its being a criminal has always proved serious in its statements, also because it is better for it to be if it wants to keep its reputation high: Lockbit has confirmed that it has pierced the servers and has withdrawn 100 GB of files.
On the other hand, there is Sogei, Società Generale d’Informatica SpA, the IT and technological branch of the Ministry of Economy and Finance which manages all the most delicate servers in our country.
In recent days there has obviously been no lack of classic memes which, as always, point the finger at the proverbial inefficiency of the Italian public administration, but really smart and competent people work in Sogei, just take a quick spin on LinkedIn to find some names and some resumes.
Sogei has denied everything, and there is no reason not to believe her.
“With regard to the alleged cyber attack on the tax information system, Sogei spa informs that from the first analyzes carried out, no cyber attacks have occurred or data has been stolen from the technological platforms and infrastructures of the Financial Administration. From the technical investigations carried out, Sogei therefore excludes that a computer attack on the site of the Revenue Agency may have occurred. In any case, the collaboration with the National Cybersecurity Agency and the Postal Police remains active in order to give maximum support to the investigations in progress.. “
A half-mystery, so much so that yesterday among the hypotheses raised there was also that of the possible data breach of a structure connected to the Revenue Agency but outside the control perimeter of Sogei.
It was the right way, because some published documents, including a screenshot containing folders from the human resources department of Zucchetti, included the path “GESIS” or “GESISD”, a reference to Studio Teruzzi Commercialisti Gesis Srl. nothing to do with Sogei or with the Revenue Agency, he simply had documents of his customers in the database with the heading AdE.
Gesis confirmed the attack:
Regarding the articles published this week in some media in relation to an alleged hacker blackmail attempt at the Revenue Agency, at the moment we can only observe the following. The data published in these articles, as far as we know, do not come from servers of the Revenue Agency but from one of our servers that was the subject of a recent hacker intrusion attempt aimed at encrypting our files and data exfiltration, with relative ransom note.
This attempt was unsuccessful as our backup and anti-intrusion systems have avoided any data loss and limited the exfiltration of data to a minimum part, under investigation, of those present in our servers. In particular, about 7% of the data would have been exfiltrated.
Of this part, about 90% would concern databases of old versions of management programs and therefore unusable. Therefore, there were no significant consequences on our and our customers’ businesses. The parties directly concerned, including the competent authorities, were informed.
We cannot currently release any further information so as not to hamper the ongoing investigation.
There was therefore an exchange of identities: the amount of documents relating to the revenue agency had probably led the hacker group to believe that he had pierced a PA server, in reality he was an accountant.
You can breathe a sigh of relief, for two reasons: the first is that Sogei promptly verified every activity on its servers and rightly denied it, and now we know that it was perfectly clear and transparent as expected from a company that holds the keys of the Italians.
The second reason is that, as always, the weak link in the chain is represented by the small ones, by those companies that should invest more in IT skills and security. The Italian IT infrastructure currently holds up.
#Fixed #yellow #attack #Revenue #Agency #Sogei #intrusion #Heres #happened