Cyber Incident Victim: Comune di Fossalta di Piave
Date:
Jun 2022
Location:
Italy
Summary
A cyberattack targeted the municipal administration of Fossalta di Piave, disrupting critical services including the issuance of identity cards and documents due to contamination of digital work platforms. While email communications and the official website remained functional, administrative operations were severely impacted. The mayor reported no ransom payment or engagement with attacker demands, though a malicious email likely containing such requests was identified. IT consultants were actively working to restore systems, with full recovery anticipated to require additional days. Authorities were notified to investigate the incident, which highlighted broader challenges posed by increasingly sophisticated cyber threats against public institutions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 17, 2022, the municipal administration of Fossalta di Piave suffered a cyberattack that disrupted critical services. The attack compromised digital work platforms, forcing the suspension of identity card issuance and other document processing operations. Administrative activities faced significant paralysis, though email communications and the municipal website remained operational. Mayor Manrico Finotto reported the incident to the postal police to initiate an investigation. IT consultants immediately began containment and recovery efforts but confirmed the persistence of malware contamination in core systems. No ransom demand was acknowledged as fulfilled, with the mayor emphasizing that no suspicious email linked to the attackers had been opened by staff. The attackers' initial vector appeared to involve a malicious email containing probable financial demands, though its contents were not accessed.
Detection occurred when system irregularities revealed viral contamination, prompting an emergency shutdown of affected platforms to limit damage. Recovery timelines proved more complex than initially projected, with officials anticipating resolution within a day before extending estimates to several additional days due to unresolved technical obstacles. Operational impacts centered on prolonged administrative delays, particularly affecting civil registry services. Forensic analysis remained ongoing as of the reporting date, with no public attribution to specific threat actors or disclosure of data exfiltration. The municipality maintained public communications via unaffected channels while prioritizing system restoration under consultant guidance. Restoration efforts focused on securing platforms before reactivation, with no confirmation of data compromise or secondary attack waves during recovery.