Giambelli
| Primary URL | Location | Industry | www[.]giambelli[.]com |
Country
Italy
|
Construction
|
|---|
Profile
Giambelli is a construction group headquartered in Italy, as indicated by the reference to the “Giambelli construction group” in the reported incident. The organisation’s primary activity lies within the construction sector, undertaking building and infrastructure projects consistent with its classification as a construction company. Its headquarters location situates it within the Italian market, though the extent of its domestic or international operations is not detailed in the available sources.
On June 27 2023, Giambelli experienced a ransomware attack that was publicly claimed by the BlackBasta ransomware group. The attackers asserted that they had compromised the company’s networks and exfiltrated a quantity of sensitive data before encrypting systems. A statement accompanying the claim noted that samples of the stolen information were published to demonstrate the breach’s authenticity and to pressure the victim into meeting ransom demands.
The disclosed samples included identity documents, contractual agreements, and user information that contained passwords for various Internet of Things devices. Notably, the exposed data also revealed that some of Giambelli’s internet‑exposed systems were protected only by default administrative credentials. This detail was highlighted in the attackers’ publication as evidence of insufficient security controls on externally accessible assets.
The incident was reported by the cybersecurity news outlet RedHotCyber, which provided a link to the attackers’ post and summarised the nature of the leaked material. The article served as the primary open‑source reference for the breach, confirming both the date of the attack and the identity of the ransomware group responsible.
Overall, the episode underscores that Giambelli, as a construction group operating from Italy, faced a significant cyber‑security event in which default credentials and exposed credentials for IoT devices were among the data elements compromised and subsequently disclosed. The available information does not extend beyond these confirmed facts regarding the organisation’s size, market reach, ownership structure, or additional operational details.