**We have suspended publication. See announcement in our headline section.***
Italy’s Leonardo Defense Group Hit By Major Hacker Attack
(Source: Defense-Aerospace.com; posted Dec. 7, 2020)
PARIS — Using malware unknown to the company’s anti-virus programs, and propagated using USB drives, a hacker gained access to 99 computers at facilities of Italian aerospace and defense group Leonardo and stole over 100 gigabytes of data between May 2015 and January 2017, according to an Italian police statement issued on Saturday.
The intrusion was eventually detected by Leonardo, who then alerted the police, and investigations led to the arrest last week of two individuals — one former and one current Leonardo employees.
It is not clear exactly where the hacking took place. According to Italian media reports 33 of the 94 infected workstations were located at the Leonardo’s Pomigliano d’Arco plant, near Naples, which is part of the company’s Airplane Division. No information has been released as to the location of the 61 other workstations.
The arrests “are a blow for Leonardo which, along with its aerospace activities, also has a large cybersecurity division that counts NATO among its customers,” Reuters reported from Rome on Dec. 5. It added that the hack extracted “classified information of significant value to the company.”
The specifics of the attack are likely to prove even more embarrassing, as it took the company almost two years to notice the hacking, which was initially written off as insignificant according to Leonardo’s first complaint. However, the subsequent investigations have reconstructed a “much more extensive and severe scenario,” according to the Italian StartMag.it website. Italian police have described it as “extremely serious,” although Leonardo has downplayed its significance.
It now appears that, over nearly two years, the malware silently exfiltrated classified and valuable corporate data, and updated it continuously by automatically executing each time a workstation was started.
StartMag also reported that Leonardo’s cyber security team in January 2017 reported anomalous outgoing traffic from some workstations of the Pomigliano d’Arco plant, generated by a code called “cftmon.exe.” The anomalous traffic was directed towards a web page called “www.fujinama.altervista.org”, which was seized on Saturday in parallel with the arrests. (see image at top)
The hacker, according to the Adn Kronos news agency, was not identified by the company but by the working group on cybercrime of the Naples Prosecutor’s Office, whose investigations culminated in Friday’s arrests.
According to the police, the hacker was a Leonardo employee, although the company said (see item below) he was a “former collaborator, who is not an employee.” His accomplice, who was placed under house arrest, is the head of Leonardo’s own Cyber Emergency Readiness Team (CERT), which was set to protect the company from hacking attacks; he is charged with “meddling with evidence to throw the investigations off track, the prosecutors said,” according to a Dec. 5 Reuters report.
Both the hacker and his alleged accomplice have been identified and named by Italian media.
Leonardo on the Measures of the Naples Public Prosecutor’s Office(Source: Leonardo; issued Dec. 05, 2020)ROME — With regards to the current measures adopted by the Naples judiciary, Leonardo announces that the investigation comes from a complaint by the Company’s security that has been followed by others.
The measures concern a former collaborator who is not an employee of Leonardo, and a non-executive employee of the Company.
The Company, which is obviously the injured party in this affair, has provided maximum cooperation since the beginning and will continue to do so to enable the investigators to clarify the incident, and for its own protection.
Finally, it should be noted that classified or strategic data is processed in segregated areas, without connectivity, and not within the Pomigliano plant.
- ***Publication Suspended***Jan 04
- FAA and Boeing ‘Manipulated 737 Max Tests During Re…Dec 21
- Netherlands, Germany Agree Joint Development of Nex…Dec 21
- Sweden Plans Major Upgrade of Military CapabilitiesDec 21
- Seven French AF Rafales Fly 10-Hour Mission to ‘Attack…Dec 21
- GD Wins $4.6Bn Order for M1A2 SEPv3 TanksDec 21
- French Defense 2021 Budget Up 4.5% to €39.2 BillionDec 21
- USAF Opened Criminal Probe After F-35 GroundingDec 21
- India’s DAC Approves $3.6Bn for Airbus A320 AEW, Ne…Dec 21
- Lockheed to Acquire Aerojet Rocketdyne in $4.6Bn DealDec 21
- Netherlands to Upgrade Four Holland-Class OPVsDec 21
- Boeing Loyal Wingman Drone Prepares for Flight TestsDec 21
- FMV Delivers Mine Warfare Management SystemsDec 21
- Embraer Delivers Fourth KC-390 Airlifter to Brazilian Ai…Dec 21
- France Blocks Takeover of Photonis by Teledyne, Looks…Dec 21
- Japan Sets Record $52 Bn Defense BudgetDec 21
- US Navy Breaks Record with 13th Transit Through Taiw…Dec 21
- Super Hornet Demonstrates Ski Jump LaunchDec 21
- Indra Wins €246M to Develop New Self-Protection Suit…Dec 21
- Russian Sprut-SDM1 Light Tank Passes Amphibious TestsDec 21
Breaking News from AFP
- US Military Aviation is in a Tailspin; Reforms NeededDec 18
- Greece’s Frantic Search for A New FrigateDec 11
- Indonesia Nears Order for 36 Rafales: MinisterDec 04
- Pentagon’s Penchant for Privacy Keeps ProliferatingDec 04
- A Closer Look at UK’s $22 Bn Defense Spending BoostNov 20
- Boeing’s Troubled 737 MAX: Poised for a Comeback?Nov 17
- US Spied on Denmark, Sweden in Lead-Up to F-35 Ord…Nov 16
- US Air Force Prepares Further Revamp of Tanker FleetNov 16
- Selective Arithmetic Hides the F-35’s True CostsOct 22
- China Has the World’s Largest Navy – What Now for the…Oct 22
- F-35 Production Costs to Drop But Sustainment Costs t…May 29
- Shipyard Delivers First Borei-A SSBN to Russian NavyJun 02
- Italy Clears Initial Order for 40 Centauro II Tank Destr…Jun 02
- US Releases More Details About MiG-29s, Su-24s It Sa…May 28
- US Approves $1.2Bn Patriot PAC-3 Missile Package for …May 29
- GE Delivers First F414 Engine for South Korea’s KF-X Fi…Jun 05
- Boeing Resumes 737 MAX Production, Announces First …May 28
- New French Army H160M Helicopter to Enter Service T…Jun 05
- Two Royal Navy Missile Submarines Sidelined by Techni…May 29
- Bombardier Closes $550M Sale of the CRJ Program to …Jun 02
Word for word
- UK Defence Secretary’s Speech on Defence ReformDec 14
- Norway’s Defense Minister Details 2021 Capability Upgr…Dec 08
- US Officials Brief on FY20 Arms Export SalesDec 08
- HASC Demands Clarity on F-35 Block 4 ModificationsDec 04
- EU’s Borrell on Advancing European Defense CooperationNov 23
- British, French Ministers Mark Treaty’s 10th AnniversaryNov 03
- Luftwaffe Chief Details Future Multi-Domain OperationsOct 08
- Esper Details Future Defense Modernization PrioritiesOct 08
- UK Statement on Resuming Arms Exports to Saudi ArabiaJul 08
- EU Commissioners Call for United, Resilient and Soverei…Jun 11