Cyber Threat Actor: fibonacci
| Actor Type | Location | Known Incidents |
Sensationalist
|
Russia
|
1 incident |
|---|
Profile
fibonacci isan alias used by a threat actor whose known location, based on available reporting, is Russia. The actor first came to public attention by claiming responsibility for the distribution of a compromised database belonging to the Italian military‑focused website italiamilitare.it. In the claim, fibonacci posted a link to a 655 MB SQL file containing approximately 364,000 user records on a Telegram channel that regularly shares stolen data and simultaneously advertised the leak on an underground forum. Alongside the SQL dump, the actor provided a 41 MB Data Definition Language (DDL) file that revealed the database schema and included sample entries for each table. The material was presented as a “sample” to demonstrate the authenticity of the stolen data, and the actor’s posts were accompanied by promotional content for the Telegram channel and the forum where the leak was hosted. No additional details about fibonacci’s broader tooling, malware usage, or initial access techniques have been disclosed in the sources examined.
The Italia Militare incident, reported on May 30 2023, involved the exposure of a substantial user database that included personally identifiable information and other sensitive details tied to the platform’s members. After the leak appeared, the actor’s alias was used in the forum post that made the SQL and DDL files available for download, and the Telegram channel broadcasted the forum link to a wider audience. The affected organization was notified of the breach by the reporting outlet, though no official statement or confirmation was issued by Italia Militare at the time of the initial report. The episode highlights the actor’s capability to acquire large volumes of data, repackage it with schema information, and disseminate it through both semi‑public messaging platforms and clandestine forums. Because no further campaigns or technical specifics have been publicly attributed to fibonacci, the profile remains limited to this single, well‑documented operation.