Cyber Incident Victim: Eni S.p.A.
Date:
Aug 2022
Location:
Italy
Summary
Italian oil company Eni suffered unauthorized access to its corporate network, which was detected and contained by internal security systems, resulting in minor consequences. The incident was reported to authorities for investigation amid speculation of a ransomware attack, though attribution and technical details remain unconfirmed. This breach occurred alongside a cyberattack on Italy's energy agency GSE, which disrupted operations and forced its website offline, highlighting broader risks to critical infrastructure where IT compromises can potentially impact essential services despite limited initial damage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late August 2022, Italian energy company Eni S.p.A. detected unauthorized access to its corporate network through internal security systems. The company confirmed the breach in statements to Reuters and Bloomberg News, emphasizing that the intrusion was identified rapidly. Eni notified Italian authorities, who initiated an investigation to assess the attack’s scope and impact. While Bloomberg cited unnamed sources suggesting a ransomware attack—a method involving data encryption for extortion—Eni did not confirm this or disclose technical specifics about the breach mechanism. The company maintained that the incident caused limited operational disruption due to prompt detection, though it did not elaborate on which systems or data were accessed. No ransomware group claimed responsibility, and Eni provided no attribution details regarding threat actor identity or motives.

The incident occurred amid heightened cybersecurity risks to Italy’s energy sector, following a separate cyberattack days earlier on Gestore dei Servizi Energetici (GSE), the government agency managing Italy’s electricity market. GSE’s website remained offline after its breach, with infrastructure compromises reportedly disrupting operations. Eni’s disclosure highlighted broader concerns about critical infrastructure vulnerabilities, referencing historical precedents like the 2021 Colonial Pipeline ransomware shutdown in the U.S. and Mabanaft’s 2022 fuel-delivery disruptions in Germany. Eni did not report physical operational impacts or service interruptions to customers, nor did it disclose whether data exfiltration occurred. The company’s public communications focused on containment via existing security protocols and collaboration with law enforcement, without detailing remediation steps or forensic findings.
