Cyber Incident Victim: Gestore dei Servizi Energetici SpA
Date:
Aug 2022
Location:
Italy
Summary
The Italian government energy agency Gestore dei Servizi Energetici SpA experienced a cyberattack that compromised its infrastructure, disrupting operations and causing sustained website downtime. The incident occurred amid broader attacks targeting Italy's energy sector, with unauthorized network access also reported at another major energy firm. While the specific attack vector and responsible threat actor remained undetermined, the breach highlighted risks to critical infrastructure, where IT system compromises can impair essential services even without direct interference to operational technology.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late August 2022, Italy’s energy agency Gestore dei Servizi Energetici SpA (GSE) suffered a cyberattack that compromised its infrastructure and disrupted operations. The attack occurred over the weekend preceding August 31, coinciding with a separate breach at Italian oil company Eni. GSE’s website remained offline following the intrusion, with individuals familiar with the matter confirming operational impacts at the agency responsible for managing Italy’s electricity market. Authorities did not disclose technical specifics regarding the attack vector or duration of unauthorized access. No ransomware claims or payment demands were publicly verified, though contemporaneous reports about Eni’s breach suggested possible ransomware involvement in that incident. The agency did not release details about affected internal systems or data compromise. Italian authorities were engaged in investigating both the GSE and Eni incidents, though no attribution to specific threat actors was established at the time of reporting.
The GSE breach occurred amid broader cybersecurity pressures on Italy’s energy sector, with Eni confirming unauthorized network access days earlier. While Eni characterized its incident as having minor consequences due to rapid detection, GSE’s operational disruptions highlighted potential vulnerabilities in critical infrastructure systems. Historical context referenced the Colonial Pipeline ransomware attack of 2021, which demonstrated how IT system compromises could force operational shutdowns even without direct penetration of industrial control systems. GSE’s website outage persisted through the reporting period, though the agency did not clarify whether this resulted from defensive measures or attacker actions. No customer data breaches or electricity market manipulations were confirmed. Investigations by Italian authorities remained ongoing to determine intrusion scope and threat actor identity, paralleling probes into the Eni breach. The incidents collectively underscored persistent risks to energy sector IT environments despite varying operational impacts across organizations.