Cyber Incident Victim: Autovie Venete
Date:
Nov 2022
Location:
Italy
Summary
An Italian highway operator managing key motorways in the northeast experienced a cyber incident causing critical disruptions to its corporate IT systems, though highway operations remained unaffected. Technical issues emerged, prompting an investigation and notification to data protection authorities, while customer service centers stayed operational for limited front-office functions. The company engaged relevant bodies to address the impact but did not publicly confirm the attack's nature or origin.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 9, 2022, Autovie Venete experienced technical disruptions affecting its departmental IT systems, prompting an internal investigation into the cause. The company detected critical operational impacts on its corporate IT infrastructure but confirmed no service interruptions across its managed highway network, including the A4 Venice-Trieste, A23 Palmanova-Udine Sud, A28 Portogruaro-Pordenone-Conegliano, A57 Mestre bypass, and A34 Villesse-Gorizia routes. By the afternoon of November 10, Autovie Venete formally notified Italy’s data protection authority (Garante per la Protezione dei Dati Personali) about the incident while maintaining limited customer service operations at four highway assistance centers (CACs) in Barriera Venezia Est, Latisana, Palmanova, and Duino Sud. These CACs restricted activities to front-office functions and information gathering rather than full operational capacity. The company published a website banner acknowledging the ongoing technical issues but did not disclose specific system vulnerabilities, attacker methodologies, or data compromise details at this initial stage.
Autovie Venete mobilized its internal technical teams to diagnose and resolve the infrastructure disruptions, characterizing their response efforts as targeting "critical impact" systems without elaborating on containment measures or forensic findings. The concessionaire reserved the right to pursue legal actions through competent authorities but did not specify whether law enforcement agencies had been engaged. While the company’s international infrastructure projects in Central-Eastern Europe—particularly collaborative ventures with Slovenia via the Fernetti (Trieste) and S. Andrea (Gorizia) border crossings—formed part of its operational profile, no evidence indicated these external initiatives suffered direct impacts. Autovie Venete declined to confirm whether ransomware, data exfiltration, or other attack vectors caused the disruption, maintaining ambiguity about the incident’s classification throughout the initial reporting period. Cybersecurity monitoring entity Redhotcyber noted the absence of an official detailed statement from the company by November 11 and continued tracking developments without independent verification of intrusion specifics.