Cyber Incident Victim: Italia Militare
Date:
May 2023
Location:
Italy
Summary
A cybersecurity incident involving Italia Militare resulted in the exposure of its user database containing approximately 364,000 records, which was publicly distributed via a Telegram channel and an underground forum. The leaked data, comprising a 655MB SQL file, included sensitive user information and was accompanied by a 41MB Data Definition Language file revealing the database schema. An individual using the alias "fibonacci" claimed responsibility for disseminating the compromised data. The affected organization was notified of the breach, though no official statement or confirmation was provided at the time of reporting. The incident highlights unauthorized access to and distribution of substantial user data from the military-focused platform.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 30, 2023, a prominent Telegram channel specializing in distributing stolen corporate data disclosed a breach involving the Italian website italiamilitare.it. An individual using the alias "fibonacci" uploaded a 655MB SQL database file containing 364,000 user records to an underground cybercrime forum. The leaked data included structured database schemas and table entries, with samples revealing a 41MB Data Definition Language (DDL) file detailing the database architecture. Red Hot Cyber analysts verified the authenticity of the leaked samples, which exposed user information from the military-focused platform. The threat actor publicly advertised the database's availability through both Telegram and forum posts, enabling unrestricted downloads of the compromised records. No immediate claims regarding the breach's motive or methodology appeared in the initial disclosure.
Red Hot Cyber promptly notified italiamilitare.it's administrators about the breach disclosure to alert them to the potential compromise. The publication offered the platform operators an opportunity to provide formal comments or updates regarding the incident for potential inclusion in subsequent reporting. Monitoring of underground channels continued to track any developments, including additional data dumps or claims related to the breach. The analysts maintained an open channel for anonymous whistleblowers to submit encrypted tips about the incident through secure email. The full scope of impacted data fields and potential operational consequences for italiamilitare.it remained unconfirmed in the initial reporting period.