Ransomware Attack on ENEA Italy by Hunters International: Key Details

Incident Date: August 2, 2024

Overview

Victim: ENEA Italy

Attacker: Hunters International

Location: Roma, Italy

First Reported: August 2, 2024

Ransomware Attack on ENEA Italy by Hunters International

ENEA Italy, the Italian National Agency for New Technologies, Energy, and Sustainable Economic Development, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group Hunters International. This breach has significant implications for the agency, which plays a crucial role in Italy's research and development in energy, environment, and sustainable economic growth.

About ENEA Italy

ENEA is a prominent research organization in Italy, employing approximately 2,700 staff members across nine research centers nationwide. The agency focuses on energy efficiency, renewable energy sources, nuclear energy, climate and environmental studies, safety and health, new technologies, and electric system research. ENEA is known for its multidisciplinary competencies and expertise in managing complex research projects, which are leveraged for various activities such as basic and industrial research, technology development, and providing high-tech services to public and private sectors.

Attack Overview

The ransomware group Hunters International has claimed responsibility for the attack on ENEA Italy via their dark web leak site. The attackers assert that they have exfiltrated 219.9 GB of data, encompassing 236,372 files. This breach poses significant risks to the agency's operations and the sensitive information it handles. The compromised data could potentially include critical research findings, personal information of employees, and confidential project details.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group by law enforcement agencies. The group's ransomware code contains approximately 60% overlap with samples of Hive ransomware, indicating a shared technical lineage. Hunters International's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data.

Penetration and Vulnerabilities

While the exact method of penetration into ENEA's systems remains unclear, it is likely that Hunters International relied on common entry points such as outdated software, weak passwords, or phishing attacks. The group's techniques and operational strategies resemble those of the Hive ransomware, suggesting they have inherited or adapted Hive's encryption methods and tactics. ENEA's extensive involvement in international collaborations and projects, particularly within the European Union framework, may have also exposed it to additional cyber risks.

Implications and Response

The ransomware attack on ENEA Italy underscores the growing threat posed by sophisticated ransomware groups like Hunters International. The breach not only jeopardizes the agency's critical research and development activities but also highlights the need for enhanced cybersecurity measures to protect sensitive information and ensure the continuity of essential services.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.