Cyber Incident Victim: Advanced Systems
Date:
Dec 2022
Location:
Italy
Summary
Advanced Systems experienced a ransomware attack by the PHOBOS cyber gang targeting several corporate servers. The company promptly reported the incident to authorities, activated internal security protocols, and initiated preparations to notify the data protection supervisory body. A dedicated task force, supported by cyber incident management firm SWASCAN, was deployed to analyze the compromise, assess server integrity, and implement restoration measures for affected applications critical to public sector tax collection and financial management services. The organization confirmed engagement with its Data Protection Officer throughout the response process.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Advanced Systems, an Italian software company founded in 1981 specializing in tax collection management systems and software for public entities, experienced a ransomware attack impacting several corporate servers in December 2022. The company publicly disclosed the incident via a press release on December 29, 2022, attributing the attack to the cybercriminal group PHOBOS. Upon detecting the compromise, Advanced Systems immediately activated its internal security protocols and formally reported the incident to the Postal Police (Polizia Postale), Italy’s primary cybercrime investigation unit. The organization concurrently alerted its Data Protection Officer (DPO) and initiated preparations to notify the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) in compliance with GDPR breach notification requirements. A dedicated task force involving cybersecurity experts from SWASCAN, a subsidiary of Tinexta Group specializing in cyber incident management, was mobilized to conduct forensic analysis, assess server integrity, and implement restoration procedures for affected applications critical to the company’s operations. The attack disrupted normal functionality of software services provided to public sector clients, though the company did not specify operational downtime duration or client impact severity.
Advanced Systems maintained its headquarters in Casalnuovo di Napoli, with subsidiaries including SAIR (established in 1992 for Eastern European market operations) and SADAS SRL (focused on business intelligence solutions since 2013). The PHOBOS ransomware group, identified as the perpetrator, typically employs encryption-based attacks to extort payments, though no ransom demands or data exfiltration claims were explicitly mentioned in available reports. Internal documentation dated December 27, 2022—two days prior to the breach disclosure—detailed the company’s GDPR compliance framework, identifying Anna di Felice as Data Protection Officer and specifying data processing limitations including no transfers outside the European Union. Incident response efforts prioritized restoring application functionality while maintaining regulatory compliance through coordinated engagement with law enforcement and data protection authorities. The company did not publicly disclose technical specifics regarding initial attack vectors, encryption methods used, or full remediation timelines beyond confirming ongoing recovery operations through its external cybersecurity partners.