Cyber Incident Victim: Laservideo
Date:
Mar 2023
Location:
Italy
Summary
A cyberattack compromised the central server of an Italian vending machine manufacturer, enabling simultaneous manipulation of thousands of tobacco and lottery product distributors across the country. The intrusion forced affected machines to sell items at heavily discounted prices and display political messages advocating for the release of an imprisoned anarchist. Although unofficially linked to anarchist-aligned online activity through social media references to the incident, no group formally claimed responsibility. The attack caused operational disruptions, financial impacts from unauthorized sales, and potential legal complications regarding customers who purchased items at altered prices before service restoration.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On the evening of March 25, 2023, Laservideo, a Mantua-based company specializing in vending machines for tobacco shops and pharmacies across Italy, suffered a large-scale cyberattack targeting its network of cigarette and lottery ticket distributors. The attack compromised Laservideo’s central server system, which remotely managed pricing and operational data for thousands of machines nationwide. Hackers manipulated this centralized infrastructure to simultaneously force product prices—including cigarettes, tobacco, lighters, and scratch cards—to drop to 10 cents per transaction on affected devices. The intrusion also caused some machines to display overt political messaging demanding the release of anarchist Alfredo Cospito, who was imprisoned under Italy’s strict Article 41-bis regime. AssoTabacchi, Italy’s tobacco sellers’ association, estimated between 5,000 and 8,000 vending machines were compromised, with geographical impact spanning mainland Italy and its islands. Technical analysis by AssoTabacchi president Gianfranco Labib Boughdady indicated the breach exploited Laservideo’s unique server-dependent architecture, enabling attackers to bypass individual device security through the centralized control point. The disruption persisted into operational hours on March 26, causing nationwide service interruptions.
The immediate operational impact centered on unauthorized sales at manipulated prices, exposing retailers to financial losses and requiring manual overrides. Legal complications arose for customers who purchased products at the hacked rates, as tobacconists faced challenges proving buyer awareness of the illegality—a prerequisite for prosecution. Although Laservideo resolved the technical disruption rapidly, restoring standard pricing and functionality, the company issued an official email to affected retailers with procedural guidance following containment. No group formally claimed responsibility, though circumstantial links emerged through Twitter posts by accounts like Activist Anarchyst Anonymous, which amplified news of the attack alongside content supporting Cospito’s hunger strike against prison conditions. The messages displayed on vending machines directly mirrored this campaign but lacked verifiable attribution. Post-incident focus shifted to liability management for transactions conducted during the breach and reinforcing server security to prevent similar supply-chain attacks on Laservideo’s proprietary network.