
Cyber Incident Victim: GenialMoney

Date: Sep 2022

Location: Italy

Summary

An Italian financial services firm experienced a significant data breach involving the theft of approximately 68 GB of sensitive information, comprising over 23,000 files in formats including PDF, DOCX, and XLS. The cybercriminal group Kelvin Security claimed responsibility for the attack, subsequently offering the stolen data for sale on the underground forum Breach Forums. This group, active since 2020 and known for targeting Italian organizations, operates as grey hat hackers specializing in data exfiltration, access sales, and trading stolen databases. The incident aligns with their prior operations against other domestic entities and international corporations, leveraging underground platforms to monetize compromised information. Breach Forums emerged as a prominent cybercrime hub following the takedown of Raid Forums, attracting threat actors seeking illicit data markets.


Description

On September 28, 2022, the Italian financial company GenialMoney, based in Lamezia Terme, was confirmed as a victim of a cyberattack by the hacking group Kelvin Security. The group publicly advertised the stolen data for sale on Breach Forums, a prominent underground cybercrime forum established in March 2022 as a replacement for the seized Raid Forums platform. The compromised data amounted to approximately 68 GB, comprising over 23,000 files in PDF, DOCX, and XLS formats. Kelvin Security provided a sample of the stolen data within their forum post to facilitate sales negotiations, alongside contact details for potential buyers. The group, described as grey hat hackers, has operated since at least 2020 and previously targeted other Italian organizations, including a Vodafone Italia supplier, RP Company, and E-City Group. Their historical activities included the 2020 breach of a BMW Group supplier, where they exfiltrated and sold data belonging to 384,000 customers on Raid Forums.

The incident exposed sensitive GenialMoney documents to underground markets, increasing risks of fraud or secondary attacks against the company and its clients. Breach Forums, where the data was listed, had rapidly grown to over 1,500 members since its creation by threat actor "pompompurin" following law enforcement’s seizure of Raid Forums. The forum attracted former Raid Forums users who maintained identical usernames and avatars, suggesting continuity in illicit trading practices. Kelvin Security’s broader operations included selling network access, proof-of-concept exploits, and stolen databases beyond the GenialMoney breach. Cybersecurity monitoring entity RedHotCyber (RHC) committed to tracking developments but reported no immediate containment actions or public response from GenialMoney. The breach highlighted the persistent threat posed by established cybercrime forums facilitating large-scale data trafficking among Western threat actors.
