Ransomware Attack on ENEA Italy by Hunters International: Key Details
Incident Date:
August 2, 2024
Overview
Title
Ransomware Attack on ENEA Italy by Hunters International: Key Details
Victim
ENEA Italy
Attacker
Hunters International
Location
First Reported
August 2, 2024
Ransomware Attack on ENEA Italy by Hunters International
ENEA Italy, the Italian National Agency for New Technologies, Energy, and Sustainable Economic Development, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group Hunters International. This breach has significant implications for the agency, which plays a crucial role in Italy's research and development in energy, environment, and sustainable economic growth.
About ENEA Italy
ENEA is a prominent research organization in Italy, employing approximately 2,700 staff members across nine research centers nationwide. The agency focuses on energy efficiency, renewable energy sources, nuclear energy, climate and environmental studies, safety and health, new technologies, and electric system research. ENEA is known for its multidisciplinary competencies and expertise in managing complex research projects, which are leveraged for various activities such as basic and industrial research, technology development, and providing high-tech services to public and private sectors.
Attack Overview
The ransomware group Hunters International has claimed responsibility for the attack on ENEA Italy via their dark web leak site. The attackers assert that they have exfiltrated 219.9 GB of data, encompassing 236,372 files. This breach poses significant risks to the agency's operations and the sensitive information it handles. The compromised data could potentially include critical research findings, personal information of employees, and confidential project details.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group by law enforcement agencies. The group's ransomware code contains approximately 60% overlap with samples of Hive ransomware, indicating a shared technical lineage. Hunters International's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data.
Penetration and Vulnerabilities
While the exact method of penetration into ENEA's systems remains unclear, it is likely that Hunters International exploited common vulnerabilities such as outdated software, weak passwords, or phishing attacks. The group's techniques and operational strategies resemble those of the Hive ransomware, suggesting they have inherited or adapted Hive's encryption methods and tactics. ENEA's extensive involvement in international collaborations and projects, particularly within the European Union framework, may have also exposed it to additional cyber risks.
Implications and Response
The ransomware attack on ENEA Italy underscores the growing threat posed by sophisticated ransomware groups like Hunters International. The breach not only jeopardizes the agency's critical research and development activities but also highlights the need for enhanced cybersecurity measures to protect sensitive information and ensure the continuity of essential services.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.