Cyber Incident Victim: Tel.ene

Date: Nov 2022

Location: Italy

Summary

A cyberattack by the Kelvin Security group targeted an Italian energy sector company, resulting in the theft of 11.5 GB of data comprising over 4,000 PDF documents. The stolen information was advertised for sale on a prominent cybercrime forum, with the attackers providing contact details for potential buyers. The victim organization assists customers in evaluating electricity and gas tariffs within the competitive energy market. The threat actor, known for selling exfiltrated data, system accesses, and stolen databases, has been active for several years, previously targeting major corporations.

Description

On or around November 14, 2022, the cybercriminal group Kelvin Security publicly claimed responsibility for a cyberattack targeting the Italian company Tel.ene. The group announced the breach on Breach Forums, a prominent underground cybercrime forum, advertising the theft of 11.5 GB of data comprising 4,107 files from Tel.ene’s IT infrastructure. The stolen data reportedly consisted primarily of PDF documents. Kelvin Security provided a contact link in their forum post to facilitate the sale of this data to potential buyers. The attack’s timing coincided with heightened scrutiny of energy sector vulnerabilities, as Tel.ene operated in Italy’s competitive energy market, assisting customers in comparing electricity and gas tariffs under the country’s liberalized energy market framework. No technical details regarding the initial attack vector, intrusion methods, or duration of unauthorized access were disclosed in the forum post or subsequent public reporting.

Kelvin Security, identified as a black-hat hacker group active since at least 2020, has historically targeted corporate entities across multiple sectors, including a notable 2020 attack on German automaker BMW that compromised data belonging to 384,000 customers. The group monetizes stolen data through underground forums, additionally selling network access credentials, proof-of-concept exploits, and databases. Tel.ene’s website described its business as providing customers with "clear and precise" comparisons of energy market offers to identify optimal tariffs, though the specific operational impacts of the breach on Tel.ene’s services or customers remained unconfirmed in available sources. RedHotCyber, the cybersecurity news outlet reporting the incident, noted no immediate public statement from Tel.ene regarding the breach or mitigation efforts but offered to publish any official response if provided. The data’s content and sensitivity were not detailed beyond the file types and volume, leaving the full scope of potential financial, legal, or reputational consequences unverified at the time of reporting.
