Italian defense contractor Leonardo rattled by somewhat serious allegations

Defense aerospace logo

**We have suspended publication. See announcement in our headline section.***

Italy’s Leonardo Defense Group Hit By Major Hacker Attack

(Source:; posted Dec. 7, 2020)

Screenshot of the website, seized by Italian police on Dec. 5, where the data hacked from Leonardo computers was sent automatically for over two years.———————-

PARIS — Using malware unknown to the company’s anti-virus programs, and propagated using USB drives, a hacker gained access to 99 computers at facilities of Italian aerospace and defense group Leonardo and stole over 100 gigabytes of data between May 2015 and January 2017, according to an Italian police statement issued on Saturday.

The intrusion was eventually detected by Leonardo, who then alerted the police, and investigations led to the arrest last week of two individuals — one former and one current Leonardo employees.

It is not clear exactly where the hacking took place. According to Italian media reports 33 of the 94 infected workstations were located at the Leonardo’s Pomigliano d’Arco plant, near Naples, which is part of the company’s Airplane Division. No information has been released as to the location of the 61 other workstations.

The arrests “are a blow for Leonardo which, along with its aerospace activities, also has a large cybersecurity division that counts NATO among its customers,” Reuters reported from Rome on Dec. 5. It added that the hack extracted “classified information of significant value to the company.”

The specifics of the attack are likely to prove even more embarrassing, as it took the company almost two years to notice the hacking, which was initially written off as insignificant according to Leonardo’s first complaint. However, the subsequent investigations have reconstructed a “much more extensive and severe scenario,” according to the Italian website. Italian police have described it as “extremely serious,” although Leonardo has downplayed its significance.

It now appears that, over nearly two years, the malware silently exfiltrated classified and valuable corporate data, and updated it continuously by automatically executing each time a workstation was started.

StartMag also reported that Leonardo’s cyber security team in January 2017 reported anomalous outgoing traffic from some workstations of the Pomigliano d’Arco plant, generated by a code called “cftmon.exe.” The anomalous traffic was directed towards a web page called “”, which was seized on Saturday in parallel with the arrests. (see image at top)

The hacker, according to the Adn Kronos news agency, was not identified by the company but by the working group on cybercrime of the Naples Prosecutor’s Office, whose investigations culminated in Friday’s arrests.

According to the police, the hacker was a Leonardo employee, although the company said (see item below) he was a “former collaborator, who is not an employee.” His accomplice, who was placed under house arrest, is the head of Leonardo’s own Cyber Emergency Readiness Team (CERT), which was set to protect the company from hacking attacks; he is charged with “meddling with evidence to throw the investigations off track, the prosecutors said,” according to a Dec. 5 Reuters report.

Both the hacker and his alleged accomplice have been identified and named by Italian media.


Leonardo on the Measures of the Naples Public Prosecutor’s Office(Source: Leonardo; issued Dec. 05, 2020)ROME — With regards to the current measures adopted by the Naples judiciary, Leonardo announces that the investigation comes from a complaint by the Company’s security that has been followed by others.

The measures concern a former collaborator who is not an employee of Leonardo, and a non-executive employee of the Company.

The Company, which is obviously the injured party in this affair, has provided maximum cooperation since the beginning and will continue to do so to enable the investigators to clarify the incident, and for its own protection.

Finally, it should be noted that classified or strategic data is processed in segregated areas, without connectivity, and not within the Pomigliano plant.


Press releases

See all

Breaking News from AFP

See all

Feature Stories

See all

Editor’s choice

See all

Word for word

See all

Official reports

See all


Published by technofiend1

Kazan- Kazan National Research Technical University Казанский национальный исследовательский технический университет имени А. Н. Туполева he graduated in Economics in 1982

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: