
Cyber Incident Victim: Radiotelevisione italiana

Date: Nov 2019

Location: Italy

Summary

A cyber incident targeted an Italian media organization, involving unauthorized access to accounts belonging to top executives and a prominent investigative program host. The host's corporate accounts, mobile device, email, and personal data—including address—were compromised, with attackers reportedly operating from an Eastern European country. The breach coincided with the broadcast of sensitive investigations into Russian-Italian political connections and disinformation campaigns. Separate attacks against executive accounts occurred months earlier, though potential links between the incidents remain unclear. Both breaches were promptly reported to authorities.


Description

In mid-November 2019, Italian national broadcaster Rai experienced a series of cybersecurity incidents targeting high-profile individuals within the organization. The first publicly disclosed breach involved Sigfrido Ranucci, host of the investigative program Report, who reported on November 15 that hackers had compromised his corporate accounts, personal mobile device, email, biographical data, and residential address. Ranucci stated the intrusion occurred during a critical period when Report was airing investigations into Russian-Italian political connections through "Moscopoli" and the dissemination of fake news via social media platforms. Preliminary technical analysis indicated the attackers operated from an Eastern European country, though no specific nation was identified. Ranucci characterized the timing as suspicious given the sensitive nature of Report's ongoing broadcasts about sovereigntist movements.

Separately, Rai officials disclosed that several months prior to Ranucci's breach, unauthorized parties had targeted the digital accounts of the company's top executives. These earlier attacks against leadership accounts were promptly reported to relevant authorities, though the disclosure only became public following Ranucci's November 15 announcement. The broadcaster did not specify which executive accounts were compromised, the exact timeframe of these breaches, or whether data was exfiltrated. No technical connection was established between the executive account intrusions and Ranucci's subsequent breach despite their temporal proximity within the same calendar year. Both incidents remained under official investigation with no attribution to specific threat actors or confirmation of operational linkages at the time of reporting.
