{"id":6801,"date":"2021-08-03T12:09:57","date_gmt":"2021-08-03T19:09:57","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6801"},"modified":"2024-04-26T13:20:26","modified_gmt":"2024-04-26T20:20:26","slug":"cyber-threat-advisory-attack-on-italian-regional-data-center","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/","title":{"rendered":"Cyber Threat Advisory: Attack on Italian Regional Data Center"},"content":{"rendered":"<h3>Author: Gaetano Pellegrino<\/h3>\n<h3>TLP: WHITE<\/h3>\n<p>On 1 August 2021, the COVID-19 Crisis Unit for the Lazio region of Italy, which includes Rome, announced that a powerful cyber attack was targeting the regional data center, known as Centro di Elaborazione Dati (CED).<sup>1<\/sup>\u00a0The attack started after 00:00 CEST and lasted until at least 14:00 CEST. The attack forced the Italian authorities to shut down the CED, which is hosting, among other services, the portal where all Lazio residents register for vaccination. According to Alessio D\u2019Amato, the head of the Regional Health Service of Lazio, the attack has not stopped vaccinations but will probably slow them down because registrations have been suspended. The authorities also shut down the Centro Unico di Prenotazione (CUP): the platform where all Lazio residents book medical examinations.<\/p>\n<p>Very little information has been shared about the attack, which Nicola Zingaretti, the region\u2019s president, has defined as probably the most dangerous in the Italian Republic\u2019s history. Polizia Postale, the Italian police unit that specializes in cybercrime, is investigating the attack and will deliver an initial report to the authorities. What is known from public sources is that the attackers encrypted CED files after delivering ransomware. Nunzia Ciardi, the head of the Polizia Postale, stated that at the moment, there was no evidence of data exfiltration.<sup>2<\/sup>\u00a0Whatever their demands might be, declared Zingaretti, the Lazio Region would not negotiate with the attackers.<\/p>\n<p>Initially, because Italy has been experiencing anti-vaccination protests over the last several days, the authorities suspected that anti-vaccination activists were behind the attack.<sup>3<\/sup> However, the current lack of evidence of social engineering or phishing activities means that the attack could have come from a state-sponsored actor or an insider threat.<sup>4<\/sup><\/p>\n<p>In the last several hours, an unconfirmed report<sup>5<\/sup>\u00a0has asserted that the attack on the CED started from a specific computer there that had been compromised during a successful June attack against a large Italian IT provider for the health sector. The attackers reportedly leveraged administrative credentials obtained in that earlier attack to deploy a ransomware that the report authors currently assess to be LockBit 2.0.<\/p>\n<p>As other countries, Italy is pushing hard to vaccinate most of its population and thus reach herd immunity against COVID-19. In Italy, the administration of each region is responsible for managing the logistics of vaccinating the region\u2019s population. Because the attack has been perpetrated against one of the most densely populated regions, it has already harmed the vaccination process.<\/p>\n<p>This CTA will be updated as further details are released. In addition, we will update our Threat Intelligence Data Exchange (TIDE) with indicators of attack (IOCs) once they become available and we confirm them.<\/p>\n<p><sup>1<\/sup><a href=\"https:\/\/www.ansa.it\/sito\/notizie\/topnews\/2021\/08\/01\/attacco-hacker-a-ced-lazio-sospese-prenotazioni-vaccini_c83a8ff1-f44f-45fa-a17b-093041394471.html\">https:\/\/www.ansa.it\/sito\/notizie\/topnews\/2021\/08\/01\/attacco-hacker-a-ced-lazio-sospese-prenotazioni-vaccini_c83a8ff1-f44f-45fa-a17b-093041394471.html<\/a><\/p>\n<p><sup>2<\/sup><a href=\"https:\/\/www.ilsecoloxix.it\/italia-mondo\/cronaca\/2021\/08\/02\/news\/attacco-hacker-in-corso-alla-regione-lazio-blitz-partito-dall-estero-bloccate-tutte-le-attivita-1.40561128\">https:\/\/www.ilsecoloxix.it\/italia-mondo\/cronaca\/2021\/08\/02\/news\/attacco-hacker-in-corso-alla-regione-lazio-blitz-partito-dall-estero-bloccate-tutte-le-attivita-1.40561128<\/a><\/p>\n<p><sup>3<\/sup><a href=\"https:\/\/tg24.sky.it\/roma\/2021\/08\/01\/unita-crisi-lazio-attacco-hacker\">https:\/\/tg24.sky.it\/roma\/2021\/08\/01\/unita-crisi-lazio-attacco-hacker<\/a><\/p>\n<p><sup>4<\/sup><a href=\"https:\/\/tg24.sky.it\/roma\/2021\/08\/02\/vaccini-lazio-attacco-hacker\">https:\/\/tg24.sky.it\/roma\/2021\/08\/02\/vaccini-lazio-attacco-hacker<\/a><\/p>\n<p><sup>5<\/sup><a href=\"https:\/\/www.italian.tech\/2021\/08\/02\/news\/ecco_perche_l_attacco_alla_regione_lazio_e_solo_l_inizio-312706378\">https:\/\/www.italian.tech\/2021\/08\/02\/news\/ecco_perche_l_attacco_alla_regione_lazio_e_solo_l_inizio-312706378<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Author: Gaetano Pellegrino TLP: WHITE On 1 August 2021, the COVID-19 Crisis Unit for the Lazio region of Italy, which includes Rome, announced that a powerful cyber attack was targeting the regional data center, known as Centro di Elaborazione Dati (CED).1\u00a0The attack started after 00:00 CEST and lasted until at least 14:00 CEST. The attack [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":6733,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254],"tags":[333,549,288],"class_list":{"0":"post-6801","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"tag-cyberattack","9":"tag-italian-regional-data-center","10":"tag-ransomware","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Cyber Threat Advisory: Attack on Italian Regional Data Center<\/title>\n<meta name=\"description\" content=\"Cyber Threat Advisory: Attack on Italian Regional Data Center. On 1 August 2021, the COVID-19 Crisis Unit for the Lazio region of Italy, which includes Rome, announced that a powerful cyber attack was targeting the regional data center, known as Centro di Elaborazione Dati (CED). The attack started after 00:00 CEST and lasted until at least 14:00 CEST. The attack forced the Italian authorities to shut down the CED, which is hosting, among other services, the portal where all Lazio residents register for vaccination. According to Alessio D\u2019Amato, the head of the Regional Health Service of Lazio, the attack has not stopped vaccinations but will probably slow them down because registrations have been suspended. The authorities also shut down the Centro Unico di Prenotazione (CUP): the platform where all Lazio residents book medical examinations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber Threat Advisory: Attack on Italian Regional Data Center\" \/>\n<meta property=\"og:description\" content=\"Cyber Threat Advisory: Attack on Italian Regional Data Center. On 1 August 2021, the COVID-19 Crisis Unit for the Lazio region of Italy, which includes Rome, announced that a powerful cyber attack was targeting the regional data center, known as Centro di Elaborazione Dati (CED). The attack started after 00:00 CEST and lasted until at least 14:00 CEST. The attack forced the Italian authorities to shut down the CED, which is hosting, among other services, the portal where all Lazio residents register for vaccination. According to Alessio D\u2019Amato, the head of the Regional Health Service of Lazio, the attack has not stopped vaccinations but will probably slow them down because registrations have been suspended. The authorities also shut down the Centro Unico di Prenotazione (CUP): the platform where all Lazio residents book medical examinations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-03T19:09:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:20:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"344\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Cyber Threat Advisory: Attack on Italian Regional Data Center\",\"datePublished\":\"2021-08-03T19:09:57+00:00\",\"dateModified\":\"2024-04-26T20:20:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/\"},\"wordCount\":501,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-37.jpg\",\"keywords\":[\"Cyberattack\",\"Italian Regional Data Center\",\"Ransomware\"],\"articleSection\":[\"Infoblox Threat Intel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/\",\"name\":\"Cyber Threat Advisory: Attack on Italian Regional Data Center\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-37.jpg\",\"datePublished\":\"2021-08-03T19:09:57+00:00\",\"dateModified\":\"2024-04-26T20:20:26+00:00\",\"description\":\"Cyber Threat Advisory: Attack on Italian Regional Data Center. On 1 August 2021, the COVID-19 Crisis Unit for the Lazio region of Italy, which includes Rome, announced that a powerful cyber attack was targeting the regional data center, known as Centro di Elaborazione Dati (CED). The attack started after 00:00 CEST and lasted until at least 14:00 CEST. The attack forced the Italian authorities to shut down the CED, which is hosting, among other services, the portal where all Lazio residents register for vaccination. According to Alessio D\u2019Amato, the head of the Regional Health Service of Lazio, the attack has not stopped vaccinations but will probably slow them down because registrations have been suspended. The authorities also shut down the Centro Unico di Prenotazione (CUP): the platform where all Lazio residents book medical examinations.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-37.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-37.jpg\",\"width\":612,\"height\":344,\"caption\":\"computer screen with programming code and an alert message, concept of computer security, malware or hacker attack (3d render)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory-attack-on-italian-regional-data-center\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Threat Advisory: Attack on Italian Regional Data Center\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Cyber Threat Advisory: Attack on Italian Regional Data Center","description":"Cyber Threat Advisory: Attack on Italian Regional Data Center. On 1 August 2021, the COVID-19 Crisis Unit for the Lazio region of Italy, which includes Rome, announced that a powerful cyber attack was targeting the regional data center, known as Centro di Elaborazione Dati (CED). The attack started after 00:00 CEST and lasted until at least 14:00 CEST. The attack forced the Italian authorities to shut down the CED, which is hosting, among other services, the portal where all Lazio residents register for vaccination. According to Alessio D\u2019Amato, the head of the Regional Health Service of Lazio, the attack has not stopped vaccinations but will probably slow them down because registrations have been suspended. The authorities also shut down the Centro Unico di Prenotazione (CUP): the platform where all Lazio residents book medical examinations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/","og_locale":"en_US","og_type":"article","og_title":"Cyber Threat Advisory: Attack on Italian Regional Data Center","og_description":"Cyber Threat Advisory: Attack on Italian Regional Data Center. On 1 August 2021, the COVID-19 Crisis Unit for the Lazio region of Italy, which includes Rome, announced that a powerful cyber attack was targeting the regional data center, known as Centro di Elaborazione Dati (CED). The attack started after 00:00 CEST and lasted until at least 14:00 CEST. The attack forced the Italian authorities to shut down the CED, which is hosting, among other services, the portal where all Lazio residents register for vaccination. According to Alessio D\u2019Amato, the head of the Regional Health Service of Lazio, the attack has not stopped vaccinations but will probably slow them down because registrations have been suspended. The authorities also shut down the Centro Unico di Prenotazione (CUP): the platform where all Lazio residents book medical examinations.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/","og_site_name":"Infoblox Blog","article_published_time":"2021-08-03T19:09:57+00:00","article_modified_time":"2024-04-26T20:20:26+00:00","og_image":[{"width":612,"height":344,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"Cyber Threat Advisory: Attack on Italian Regional Data Center","datePublished":"2021-08-03T19:09:57+00:00","dateModified":"2024-04-26T20:20:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/"},"wordCount":501,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg","keywords":["Cyberattack","Italian Regional Data Center","Ransomware"],"articleSection":["Infoblox Threat Intel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/","name":"Cyber Threat Advisory: Attack on Italian Regional Data Center","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg","datePublished":"2021-08-03T19:09:57+00:00","dateModified":"2024-04-26T20:20:26+00:00","description":"Cyber Threat Advisory: Attack on Italian Regional Data Center. On 1 August 2021, the COVID-19 Crisis Unit for the Lazio region of Italy, which includes Rome, announced that a powerful cyber attack was targeting the regional data center, known as Centro di Elaborazione Dati (CED). The attack started after 00:00 CEST and lasted until at least 14:00 CEST. The attack forced the Italian authorities to shut down the CED, which is hosting, among other services, the portal where all Lazio residents register for vaccination. According to Alessio D\u2019Amato, the head of the Regional Health Service of Lazio, the attack has not stopped vaccinations but will probably slow them down because registrations have been suspended. The authorities also shut down the Centro Unico di Prenotazione (CUP): the platform where all Lazio residents book medical examinations.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg","width":612,"height":344,"caption":"computer screen with programming code and an alert message, concept of computer security, malware or hacker attack (3d render)"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Cyber Threat Advisory: Attack on Italian Regional Data Center"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6801"}],"version-history":[{"count":4,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6801\/revisions"}],"predecessor-version":[{"id":6807,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6801\/revisions\/6807"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/6733"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}