Cyber Incident Victim: Agenzia Regionale per la Protezione dell'Ambiente della Puglia
Date:
Nov 2019
Location:
Italy
Summary
Italian hacktivist groups Anonymous and LulzSecITA compromised the Regional Environmental Protection Agency in Puglia during a coordinated campaign targeting professional orders, government entities, and private companies. The breach occurred alongside attacks on other regional environmental agencies, prefectures, and telecommunications firms, with attackers leaking sensitive documents including identification records, financial data, and internal communications from compromised organizations. While the environmental agency's specific compromised data wasn't detailed, the operation aimed to expose institutional security failures and privacy vulnerabilities as part of a broader protest against governmental and corporate practices.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On November 5, 2019, hacktivist groups Anonymous Italia and LulzSecITA conducted coordinated cyberattacks against multiple Italian organizations as part of the annual Million Mask March protest. The Regional Environmental Protection Agency in Puglia was among the entities explicitly listed as compromised, alongside environmental authorities in Abruzzo, professional legal orders in Arezzo, Grosseto and Perugia, the Naples Prefecture, and telecommunications provider Lyca Mobile. These attacks coincided with Guy Fawkes Day demonstrations addressing broad societal concerns including environmental activism, political corruption, and privacy rights. While technical specifics of the breach against the Puglia environmental agency weren't disclosed, the pattern of attacks suggested website defacements and/or unauthorized data access consistent with the groups' stated hacktivist objectives. The timing aligned with Anonymous' global Operation Vendetta protests, with Italian participants leveraging the symbolic date to amplify visibility for their causes.
LulzSecITA separately compromised Lyca Mobile's Italian operations, exfiltrating 5.4GB of sensitive customer data including identification documents, credit card information, call records, and emails from a company executive's account. Though no equivalent data specifics were provided regarding the Puglia environmental agency breach, the collective actions demonstrated systematic targeting of government-adjacent institutions. Anonymous Italia publicly justified the intrusions as exposing institutional failures in data protection, asserting their leaks highlighted vulnerabilities affecting citizens' privacy rights. No remediation efforts or forensic findings from the Puglia agency were documented in available sources. The authenticity and scope of environmental agency data compromised remained unverified, though the Lyca Mobile breach indicated capabilities to access sensitive organizational systems. Hacktivist communications emphasized disruptive intent over financial motives, framing the incidents as demonstrations of security inadequacies rather than theft-driven operations.