Cyber Incident Victim: Landi Renzo S.p.A.
Date: Oct 2022
Location: Italy
Summary
An Italian automotive fuel systems manufacturer suffered a cyberattack by the Hive group, which maintained access to its network for 11 days and exfiltrated 534 GB of data, including proprietary corporate information and personal details of employees and vendors. The attackers encrypted servers, gave the victim access to proof of the stolen data, and set a deadline for negotiations. The company has not disclosed operational impacts.
Description
On or around October 8, 2022, the Italian automotive systems manufacturer Landi Renzo SpA suffered a cyberattack by the Hive ransomware group. Hive operatives infiltrated the company’s network and maintained unauthorized access for 11 days, conducting reconnaissance and exfiltrating approximately 534 gigabytes of data. The attackers completed encryption of Landi Renzo’s servers on October 18, 2022, and formally notified the company via email on October 19, explicitly referencing their prolonged network presence and encryption activities. Hive publicly listed Landi Renzo on its data leak site on November 3, 2022, though no initial proof-of-hack evidence was provided. The threat actors subsequently furnished the company with a dedicated link to view the stolen data, which reportedly contained proprietary business documentation alongside sensitive personal information belonging to employees and vendors. Hive established a negotiation deadline of November 7, 2022, for undisclosed terms.

The attack compromised critical infrastructure, specifically impacting servers through encryption, though operational disruption details remained unconfirmed by Landi Renzo. Exfiltrated data encompassed intellectual property tied to the company’s eco-friendly fuel system research and manufacturing operations, alongside personally identifiable information. DataBreaches.net verified partial data access but observed no public disclosure of the stolen materials. Landi Renzo did not respond to media inquiries regarding operational impacts, mitigation efforts, or communication with the threat actors prior to the November 4, 2022, publication date of the initial report. The absence of disclosed containment measures or recovery actions left the company’s incident response posture undocumented in available sources. Hive’s imposition of a time-limited extortion framework indicated persistent pressure tactics following the initial compromise.
