Cyber Incident Victim: Alia Servizi Ambientali
Date:
Sep 2022
Location:
Italy
Summary
A major Italian waste management company operating in Tuscany suffered its second cyberattack within nine months, involving unauthorized access to its systems. Immediate security measures prevented malware propagation, but disruptions affected customer-facing services including billing offices and call centers. The incident likely involved ransomware, evidenced by the company's reliance on backup restoration to resume operations. This followed a prior attack by the Hive ransomware gang, which had demanded €400,000—a ransom the firm refused to pay, opting instead for infrastructure recovery. Internal technical reviews and regulatory notifications were underway while services were projected to normalize shortly after system restoration.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 28, 2022, Alia Servizi Ambientali S.p.A., a major Italian waste management firm serving 59 Tuscan municipalities with 1.5 million customers, detected an unauthorized intrusion attempt into its IT systems during nighttime hours. This marked the second cybersecurity incident against the company within nine months, following a prior ransomware attack by the Hive gang in early 2022 that had demanded a €400,000 ransom, which Alia refused to pay. The organization immediately implemented security countermeasures upon detecting the new breach attempt, focusing on preventing malware propagation and system compromise. Technical teams initiated forensic examinations while coordinating notifications to relevant authorities. As a precautionary measure, Alia suspended customer-facing operations starting the morning of September 29 to facilitate infrastructure hardening, causing service disruptions at Tari tax offices and call centers.
The incident necessitated comprehensive system restoration from backups, with full operational recovery projected for September 30. Service interruptions persisted throughout the verification and remediation period, prompting public apologies from the company for customer inconveniences. No data exfiltration or encryption demands were explicitly confirmed in this second incident, though restoration procedures suggested potential system integrity concerns. Alia's response mirrored its approach during the prior Hive attack, prioritizing backup recovery over ransom negotiations. The company maintained operations across its core waste collection services despite ancillary customer service disruptions, leveraging its workforce of 1,800 employees to mitigate broader operational impacts while addressing the €225 million-revenue organization's cybersecurity emergency.