Cyber Incident Victim: FIEGE Logistics Italia srl

Date: Mar 2023

Location: Italy

Summary

A ransomware attack utilizing LockBit 3.0 compromised the Italian division of Fiege Logistics, resulting in the theft of 259 GB of internal data, portions of which were published on the darknet alongside a ransom demand. The incident impacted three Italian logistics centers, disrupting approximately 15% of local operations, though two locations resumed work swiftly and the third was expected to follow shortly. Systems were isolated to contain the breach, with coordinated investigations involving IT security partners, law enforcement, and data protection authorities. While an assessment of exfiltrated data was ongoing, preliminary evaluations indicated a low risk to personal information, and no systems outside Italy were affected. Stakeholders, including customers and employees, were notified of the incident.

Description

A cyber incident at FIEGE Logistics Italia srl, a logistics company, resulted in the theft of 259 GB of internal data. The attackers used LockBit 3.0 ransomware against the company's systems and stole sensitive information. The incident affected three logistics centers in Italy, with two already back online and the third expected to resume operations soon.

The attack was first detected by the company's cybersecurity team, who quickly responded to contain the damage. The team isolated the affected systems and began working with authorities to investigate the incident. The company's cybersecurity team also notified the relevant authorities and stakeholders about the incident, including the affected customers and employees.

The attackers published some of the stolen data on the darknet, a part of the internet that is not easily accessible and requires special software to reach. The publication suggests that the attackers were attempting to extort money from the company in exchange for not releasing more sensitive information.

The company's cybersecurity team has been working around the clock to restore the affected systems and ensure the security of the company's data. The team has also been working with external experts to analyze the incident and identify the root cause of the attack. The investigation is ongoing, and the company is cooperating fully with the authorities to identify the perpetrators and bring them to justice.

The incident has had a significant impact on the company's operations, with some logistics centers still offline. However, the company has been working to minimize the disruption to its customers and has implemented contingency plans to ensure the continuity of its services. The company has also been in close communication with its customers and stakeholders to keep them informed about the incident and the steps being taken to resolve it.

The use of LockBit 3.0 ransomware in the attack suggests that the attackers were highly sophisticated and well-resourced. LockBit 3.0 is a ransomware family known for its ability to evade detection and its use of advanced encryption techniques to lock down data. That the attackers were able to deploy it against the company's systems and steal sensitive information suggests a high level of expertise and resources.

The incident highlights the importance of cybersecurity for companies, particularly those in the logistics industry. The logistics industry is increasingly reliant on technology, and companies in this industry must have robust cybersecurity measures in place to protect themselves against cyber threats. The incident also highlights the need for companies to have incident response plans in place to quickly respond to cyber incidents and minimize the damage.

The company's quick response and its cooperation with the authorities are positive steps. Its transparency with customers and stakeholders about the incident is also important in maintaining trust and confidence. The incident is a reminder that cyber threats are a real and present danger, and companies must be vigilant in protecting themselves against them.

The investigation into the incident is ongoing, and it is likely that more information will come to light about the attackers and their motivations. The company will likely face challenges in recovering from the incident, but its quick response and cooperation with the authorities suggest that it is taking the necessary steps to minimize the damage. The incident is a reminder of the importance of cybersecurity and the need for companies to be prepared to respond to cyber incidents.
