Cyber Incident Victim: University of Rome Tor Vergata

On or around September 16, 2022, the cybercriminal group Stormous claimed responsibility for a cyberattack targeting the University of Roma Tor Vergata (UNIROMA2). The group announced the breach through a post on its Telegram channel, alleging it had compromised university systems. Stormous asserted that weak passwords within the university’s infrastructure facilitated the intrusion, though no technical evidence substantiating this claim was publicly disclosed. By September 17, Red Hot Cyber (RHC), an Italian cybersecurity news outlet, contacted Stormous via email seeking further details about the attack. The threat actors did not provide RHC with additional specifics beyond their initial claims. Stormous offered the stolen data for sale at a price of $2,000, indicating the exfiltrated information included sensitive institutional or personal records, though the exact scope and nature of the data remained unverified.

The University of Tor Vergata did not issue any public statements, press releases, or incident notifications in response to Stormous’s claims or RHC’s inquiries as of September 25, 2022. RHC formally requested the university to clarify the incident’s severity and confirm whether a breach had occurred, but no acknowledgment or details were provided. The absence of official communication left the scale of the attack, its operational impact, and the validity of Stormous’s assertions unconfirmed. The group’s decision to monetize the data underscored potential financial motives behind the intrusion. No further actions by the university—such as containment measures, forensic investigations, or stakeholder notifications—were documented in the available source material during the reporting period.