Menu
Browse

Cyber Incident Victim: Acea

Date:

Feb 2023

Location:

Italy

Summary

Acea, an Italian utility company, experienced a ransomware attack attributed to the Black Basta group, causing temporary disruption to internal IT systems and corporate websites while essential water and electricity distribution services remained operational. The incident prompted collaboration with national cybersecurity authorities and postal police specialists, leading to restored IT functionality and contact center operations without evidence of compromised personal data. Static and dynamic analyses confirmed the containment of the attack, which was managed through coordinated efforts emphasizing transparency and institutional synergy.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actor Type Location
1 actor Available to members Available to members

Description

On February 2, 2023, Italian utility company Acea experienced a cyberattack targeting its internal IT infrastructure. The company promptly activated incident response protocols in collaboration with Italy’s National Cybersecurity Agency (Acn) and the Postal Police’s Cnaipic unit to contain the disruption. Initial assessments confirmed the attack did not compromise essential water and electricity distribution services, which remained fully operational throughout the incident. Internal IT systems, however, sustained partial disruption to support business operations, requiring temporary restrictions for analysis and control activities. Rome’s Public Prosecutor’s Office initiated oversight of the investigation, awaiting formal notifications from Acea. Early investigative hypotheses suggested potential involvement of a Russian-linked threat group, though no attribution was confirmed at this stage. The company maintained public transparency through official statements emphasizing service continuity for customers.

Cyber Incident Image

By February 4, 2023, Acea restored functionality to its corporate websites, customer service platforms for water, electricity, and gas utilities, and reactivated its contact center operations. Forensic analysis identified the Black Basta ransomware group as the perpetrator but found no evidence of personal data exfiltration or compromise. Static and dynamic malware analyses conducted by Acea’s cybersecurity team and law enforcement partners confirmed the attack’s containment within non-critical systems. The company reiterated that commercial platforms and back-end infrastructure were fully secured following remediation, with no residual impacts on billing or service delivery mechanisms. Coordination with Acn and the Postal Police continued throughout the recovery phase to ensure alignment on threat intelligence sharing and operational safeguards. Acea’s public communications consistently emphasized the uninterrupted provision of core utilities despite the temporary IT disruption.

Sources
Sources available to members
2 sources