Cyber Incident Victim: Fossalta di Piave
Date:
Jun 2022
Location:
Italy
Summary
A municipality in Veneto, Italy, experienced a cyberattack disrupting administrative services, including the issuance of identity cards and documents, while email and the official website remained accessible. The attack involved a virus contaminating digital work platforms, causing significant operational paralysis. IT consultants were engaged to restore systems, though full recovery was expected to require additional days. The mayor confirmed no ransom demands were acknowledged or fulfilled, emphasizing that the hackers' communication was not opened to avoid potential extortion. The incident highlighted evolving cybercriminal tactics capable of circumventing security measures, prompting immediate system isolation and defensive measures upon detecting the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 17, 2022, the municipal administration of Fossalta di Piave, Veneto, Italy, experienced a cyberattack that disrupted critical services. The attack compromised digital work platforms, forcing the immediate suspension of identity card issuance and administrative document processing. Mayor Manrico Finotto reported the incident to the Postal Police for investigation following the discovery of system contamination. While email communications and the municipal website remained operational, internal platforms remained offline due to persistent malware infection. The attack caused significant operational paralysis, halting routine administrative functions without immediate evidence of data exfiltration or destruction. IT consultants initiated containment measures by isolating affected systems to prevent further spread of the malware.
Recovery efforts progressed slower than initially anticipated, with officials estimating several additional days to fully restore systems as of June 22. The municipality confirmed no ransom demands were acknowledged or fulfilled, though Mayor Finotto referenced an unopened malicious email suspected to contain extortion attempts. He characterized the incident as part of a growing trend of sophisticated attacks targeting public institutions, noting attackers' increasing ability to circumvent security protocols. Restoration priorities focused on safely reactivating administrative platforms while maintaining communication channels via email. No specific threat actor attribution, malware variant identification, or data compromise details were disclosed publicly during the initial response phase.