Cyber Incident Victim: Canarbino
Date:
Aug 2022
Location:
Italy
Summary
An Italian energy company experienced a ransomware attack impacting its IT infrastructure, attributed to an intrusion via an affiliated entity. The organization stated its security measures contained the incident, preventing significant customer disruptions or theft of sensitive data. Systems were restored sequentially following verification procedures. This marked the third cyberattack against Italy's energy sector within a short timeframe, with investigations suggesting potential Russian links in parallel incidents targeting other national energy firms. Law enforcement coordinated with prosecutors to examine the breach, though the specific threat actor and ransom demands remained unidentified. The victim, a vertically integrated group operating across Europe's gas and electricity supply chain, emphasized maintaining operational continuity despite the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around August 31, 2022, Canarbino S.p.A., an Italian energy group established in 2010 and operating across Europe’s midstream energy sector, experienced a ransomware attack affecting IT infrastructure at an affiliated company based in Sarzana. This marked the third cyberattack against Italian energy infrastructure within a week, following incidents targeting ENI and GSE. The attack compromised systems of the Sarzana affiliate, though technical safeguards prevented significant customer service disruptions or theft of sensitive client data. While the specific ransomware variant and responsible threat actor remained unidentified, Italian authorities including the Postal Police and Genova’s Public Prosecutor’s Office initiated investigations into the intrusion. Canarbino’s parent company systems contained the attack, limiting operational impact across the vertically integrated group, which spans gas and electricity wholesale/retail operations through multiple subsidiaries.
Canarbino restored functionality by sequentially reactivating systems after conducting verification and analysis, confirming full operational recovery in subsequent days. The company’s official statement emphasized no material customer data breaches occurred, attributing containment to existing security measures. Concurrent investigations by Rome’s Public Prosecutor’s Office into the ENI and GSE incidents examined potential unauthorized system access, with speculation about possible Russian affiliations and sabotage objectives against Western infrastructure. The coordinated timing of these attacks raised concerns about targeting critical energy infrastructure amid geopolitical tensions preceding winter. Canarbino’s partnership with German utility EnBW—a Frankfurt-listed entity with €3 billion in equity—remained unaffected, with no reported cross-border operational consequences from the incident.