Cyber Incident Victim: Filomeno Wi-Fi
Date:
Oct 2022
Location:
Italy
Summary
An Italian telecommunications company, Filomeno Wi-Fi, was compromised by the cybercriminal group Kelvin Security, resulting in the theft of 314MB of sensitive documents including PDFs, spreadsheets, and text files. The stolen data was advertised for sale on Breach Forums, with potential buyers directed to contact the attackers via a provided link. Kelvin Security, known for targeting Italian organizations, has previously breached entities such as a Vodafone Italia supplier, RP Company, and a BMW manufacturer—exfiltrating customer data in the latter case. The group routinely monetizes stolen information, selling database access, proof-of-concept exploits, and compromised corporate records across underground forums.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around October 25, 2022, the Italian company Filomeno Wi-Fi suffered a cyberattack attributed to the Kelvin Security group. The attackers infiltrated Filomeno Wi-Fi's systems and exfiltrated 314 megabytes of data containing various document types, including PDF, DOCX, and XLS files. Kelvin Security publicly claimed responsibility for the breach by posting details on Breach Forums, a prominent underground cybercrime platform. The forum post included an offer to sell the stolen data through direct contact with the attackers. This incident represented another operation by Kelvin Security against Italian organizations, continuing a pattern of targeting businesses in the country.
Kelvin Security had previously compromised multiple Italian entities prior to the Filomeno Wi-Fi attack, including a Vodafone Italia supplier, RP Company, E-City Group, and Genial Money. The group demonstrated transnational capabilities through their 2020 breach of BMW, where they stole and sold data belonging to 384,000 customers via Raid Forums. Active since at least 2020, Kelvin Security operates as a black-hat hacking collective specializing in data exfiltration and underground marketplace transactions. Their business model involves selling stolen databases, compromised system accesses, and proof-of-concept exploits alongside exfiltrated corporate data. The Filomeno Wi-Fi breach exposed sensitive company documents to potential illicit acquisition, with the attackers monetizing the stolen information through dark web channels without disclosing specific customer impact or Filomeno Wi-Fi's response measures.