Cyber Incident Victim: Società Italiana Brevetti
Date: Feb 2023
Location: Italy
Summary
The Italian intellectual property consultancy Società Italiana Brevetti fell victim to a ransomware attack by the Vice Society group, which encrypted its systems and exfiltrated sensitive data. The attackers published stolen documents—including client information and internal files—on their dark web leak site after the organization declined to pay the ransom. Vice Society employed double extortion tactics, leveraging vulnerabilities like PrintNightmare for privilege escalation and targeting backup systems to hinder recovery efforts. The group's techniques included lateral movement using tools like proxychain and impacket, degradation of ESXi virtualization servers, and attempts to bypass Windows security protections. This incident caused significant operational disruption and exposed confidential client data related to patents, trademarks, and copyrights managed by the firm.
Description
On or around February 1, 2023, the Italian intellectual property consultancy firm Società Italiana Brevetti (SIB) suffered a ransomware attack attributed to the Vice Society cybercrime group. Vice Society compromised SIB's IT infrastructure, exfiltrated sensitive data, and deployed ransomware to encrypt the company's systems, rendering them inaccessible. The attackers subsequently published the stolen data on their dark web leak site after SIB apparently refused to pay the demanded ransom. The published data included extensive documents related to SIB's operations, accessible through a directory browsing interface on Vice Society's Tor-based platform. SIB, described as a leading firm specializing in patent, trademark, design, and copyright protection services for SMEs, large enterprises, universities, and research centers, faced significant exposure of client intellectual property assets and internal operational documents. Vice Society taunted the victim by repurposing SIB's own corporate description from its public website in the leak site announcement, emphasizing the firm's international reputation as a contextual detail to heighten reputational impact.

The attackers employed tactics consistent with Vice Society's known ransomware-as-a-service operations, including the use of post-compromise tools like proxychain and impacket, targeted disruption of backup systems to prevent recovery, and exploitation of vulnerabilities such as PrintNightmare for privilege escalation. Forensic observations from unrelated incidents involving this group indicated attempts to degrade ESXi virtualization servers and bypass Windows native credential protections during lateral movement. While SIB's specific detection or containment measures were not disclosed in available sources, the public data leak confirmed the attackers successfully executed double extortion—combining encryption with data exposure threats. The incident exposed SIB's legal, technical, and contractual documents related to global intellectual property filings, client portfolios, and valuation strategies, creating risks of industrial espionage, regulatory penalties, and client litigation. Operational disruption from system encryption likely hampered SIB's ability to manage patent filings and client services, though the duration of downtime remained unspecified. No public statement from SIB or details regarding data recovery efforts were reported at the time of the disclosure.
