{"id":6868,"date":"2021-08-20T21:35:42","date_gmt":"2021-08-21T04:35:42","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6868"},"modified":"2024-08-07T12:20:22","modified_gmt":"2024-08-07T19:20:22","slug":"update-on-the-attack-on-the-italian-regional-data-center","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/","title":{"rendered":"Update on the Attack on the Italian Regional Data Center"},"content":{"rendered":"<h3><strong>Author: Gaetano Pellegrino<\/strong><\/h3>\n<p>&nbsp;<br \/>\nOn 1 August, the regional data center of Lazio, the Italian region that includes Rome, was targeted by a cyber attack. The data center, known as Centro di Elaborazione Dati (CED), hosts several critical services: the portal where Lazio residents register for vaccination, and the portal where Lazio residents book medical examinations. Italian authorities had to shut down CED, and this slowed down the vaccination process. We have been monitoring this attack since its first days1 and are releasing this CTA to address the latest information.<br \/>\nAs of 20 August, investigations are still in progress and very little information has been shared about the attack. What is certain is that after delivering a ransomware, the attackers encrypted most of the CED files. Knowing the exact type of ransomware could help the investigators find the threat actors responsible for the attack. That is why the FBI and Interpol have joined forces with the Polizia Postale, the Italian police unit that specializes in cybercrime, to look for possible correlations between the ransomware used in the CED attack and the ransomware used in recent similar attacks against industrial targets and institutions around the world.2<\/p>\n<p>Several hypotheses are being tested at this time: <\/p>\n<ul>\n<li style=\"margin-bottom:15px;\">The first hypothesis concerns Lockbit 2.0, which operates as ransom-as-a-service: an arrangement where affiliates pay a fee to use the ransomware and the exfiltration infrastructure that comes with it. This hypothesis is based on an incident that compromised Engineering: an Italian Managed Services Provider (MSP) active in the health sector.3 After that incident, Lockbit 2.0 targeted at least three clients of the MSP,4 and the Lazio region was supposed to be the fourth victim. <\/li>\n<li>The second hypothesis concerns the RansomExx group and was formulated a few days after the CED attack was disclosed. RamsomExx is a criminal group known for using ransomware to attack high-profile institutions, such as Brazil\u2019s Superior Court of Justice5 and the Texas Department of Transportation.6 This hypothesis originates from the revelations that some undisclosed sources made on a well-known cybersecurity news website.7 <\/li>\n<\/ul>\n<p>Several speculations have been made about the attackers\u2019 motives. At the time of the attack, Italy was in the midst of anti-vaccination protests, so the anti-vaccination activists were among the first suspects. Today, the investigators believe that the attackers seek financial gain, although this is not well-supported by currently available evidence: the attackers made a ransom demand but did not phrase it in explicit terms. Regardless, president Nicola Zingaretti made the region&#8217;s position clear immediately, by stating that the region would not negotiate with the attackers.<\/p>\n<p>Also of interest is how the attackers gained a foothold in the CED network. The initial lack of evidence of social engineering, together with the widely supported hypothesis of an MSP compromise, led some observers to speculate that the attackers were using the credentials of a consultant working as a network administrator for CED. Later, the investigators discovered that the attack originated from the laptop of a CED employee working remotely due to the pandemic. The attackers obtained the employee\u2019s credentials and controlled his laptop during the initial stages of the attack. They had sufficient time to deliver the attack, because the laptop stayed on for the entire night between 31 July and 1 August &#8211; the employee\u2019s son reportedly forgot to turn off the laptop after using it.8<\/p>\n<p>One other important aspect of this case concerns the backup system in place at CED. A few hours after the authorities informed the public about the attack, Alessio D\u2019Amato, head of the Regional Health Service of Lazio, confirmed that the backup files were among the files subjected to ransomware encryption.9 However, on 5 August, the incident responders were able to recover the data up to 30 July, because the attackers did not encrypt a backup stored on a virtual tape library.10<\/p>\n<p>This CTA will be updated as further details are released. In addition, we will update our Threat Intelligence Data Exchange (TIDE) with indicators of attack (IOCs) once they become available and we confirm them.<\/p>\n<ol>\n<li><a href=\"https:\/\/blog.talosintelligence.com\/2020\/09\/threat-roundup-0911-0918.html\">https:\/\/blogs.infoblox.com\/cyber-threat-intelligence\/cyber-threat-advisory-attack-on-italian-regional-data-center\/<\/a><\/li>\n<li><a href=\"https:\/\/roma.corriere.it\/notizie\/cronaca\/21_agosto_05\/attacco-hacker-pc-usato-figlio-dell-impiegato-smart-working-c9c7414e-f5bf-11eb-be09-a49ff05c6b25.shtml\">https:\/\/roma.corriere.it\/notizie\/cronaca\/21_agosto_05\/attacco-hacker-pc-usato-figlio-dell-impiegato-smart-working-c9c7414e-f5bf-11eb-be09-a49ff05c6b25.shtml<\/a><\/li>\n<li><a href=\"https:\/\/www.italian.tech\/2021\/08\/04\/news\/caso_regione_lazio_ed_erg_il_punto_sulle_indagini_lo_scacco_del_ransomware_all_italia-312932780\/\">https:\/\/www.italian.tech\/2021\/08\/04\/news\/caso_regione_lazio_ed_erg_il_punto_sulle_indagini_lo_scacco_del_ransomware_all_italia-312932780\/<\/a><\/li>\n<li><a href=\"https:\/\/reaqta.com\/2021\/08\/new-era-of-ransomware-lockbit-2-0\">https:\/\/reaqta.com\/2021\/08\/new-era-of-ransomware-lockbit-2-0<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/brazils-court-system-under-massive-ransomexx-ransomware-attack\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/brazils-court-system-under-massive-ransomexx-ransomware-attack\/<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-attack-impacts-texas-department-of-transportation\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-attack-impacts-texas-department-of-transportation\/<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-attack-hits-italys-lazio-region-affects-covid-19-site\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-attack-hits-italys-lazio-region-affects-covid-19-site\/<\/a><\/li>\n<li><a href=\"https:\/\/roma.corriere.it\/notizie\/cronaca\/21_agosto_05\/attacco-hacker-pc-usato-figlio-dell-impiegato-smart-working-c9c7414e-f5bf-11eb-be09-a49ff05c6b25.shtml\">https:\/\/roma.corriere.it\/notizie\/cronaca\/21_agosto_05\/attacco-hacker-pc-usato-figlio-dell-impiegato-smart-working-c9c7414e-f5bf-11eb-be09-a49ff05c6b25.shtml<\/a><\/li>\n<li><a href=\"https:\/\/www.romatoday.it\/cronaca\/attacco-hacker-terrorismo-indagini.html\">https:\/\/www.romatoday.it\/cronaca\/attacco-hacker-terrorismo-indagini.html<\/a><\/li>\n<li><a href=\"https:\/\/www.ilpost.it\/2021\/08\/06\/regione-lazio-attacco-hacker-backup\/\">https:\/\/www.ilpost.it\/2021\/08\/06\/regione-lazio-attacco-hacker-backup\/\/<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Author: Gaetano Pellegrino &nbsp; On 1 August, the regional data center of Lazio, the Italian region that includes Rome, was targeted by a cyber attack. The data center, known as Centro di Elaborazione Dati (CED), hosts several critical services: the portal where Lazio residents register for vaccination, and the portal where Lazio residents book medical [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":6869,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[554],"tags":[236,488,294,40,189],"class_list":{"0":"post-6868","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-threat-advisory","8":"tag-cyberthreat","9":"tag-cyberthreat-intelligence-report","10":"tag-malspam","11":"tag-threat-intelligence","12":"tag-cybersecurity","13":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Update on the Attack on the Italian Regional Data Center | Infoblox<\/title>\n<meta name=\"description\" content=\"On 1 August, the regional data center of Lazio, the Italian region that includes Rome, was targeted by a cyber attack.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Update on the Attack on the Italian Regional Data Center\" \/>\n<meta property=\"og:description\" content=\"On 1 August, the regional data center of Lazio, the Italian region that includes Rome, was targeted by a cyber attack.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-21T04:35:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-07T19:20:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-ccb-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"408\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Update on the Attack on the Italian Regional Data Center\",\"datePublished\":\"2021-08-21T04:35:42+00:00\",\"dateModified\":\"2024-08-07T19:20:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/\"},\"wordCount\":775,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-ccb-2.jpg\",\"keywords\":[\"Cyberthreat\",\"Cyberthreat intelligence report\",\"Malspam\",\"Threat Intelligence\",\"Cybersecurity\"],\"articleSection\":[\"Cyber Threat Advisory\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/\",\"name\":\"Update on the Attack on the Italian Regional Data Center | Infoblox\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-ccb-2.jpg\",\"datePublished\":\"2021-08-21T04:35:42+00:00\",\"dateModified\":\"2024-08-07T19:20:22+00:00\",\"description\":\"On 1 August, the regional data center of Lazio, the Italian region that includes Rome, was targeted by a cyber attack.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-ccb-2.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-ccb-2.jpg\",\"width\":612,\"height\":408,\"caption\":\"computer virus transfer into desktop pc by internet LAN line. double exposure shot of backside of a computer and red binary codes. hacker virus spyware ransomware and security breached concepts.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-threat-advisory\\\/update-on-the-attack-on-the-italian-regional-data-center\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Threat Advisory\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/cyber-threat-advisory\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Update on the Attack on the Italian Regional Data Center\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Update on the Attack on the Italian Regional Data Center | Infoblox","description":"On 1 August, the regional data center of Lazio, the Italian region that includes Rome, was targeted by a cyber attack.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/","og_locale":"en_US","og_type":"article","og_title":"Update on the Attack on the Italian Regional Data Center","og_description":"On 1 August, the regional data center of Lazio, the Italian region that includes Rome, was targeted by a cyber attack.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/","og_site_name":"Infoblox Blog","article_published_time":"2021-08-21T04:35:42+00:00","article_modified_time":"2024-08-07T19:20:22+00:00","og_image":[{"width":612,"height":408,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-ccb-2.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"Update on the Attack on the Italian Regional Data Center","datePublished":"2021-08-21T04:35:42+00:00","dateModified":"2024-08-07T19:20:22+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/"},"wordCount":775,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-ccb-2.jpg","keywords":["Cyberthreat","Cyberthreat intelligence report","Malspam","Threat Intelligence","Cybersecurity"],"articleSection":["Cyber Threat Advisory"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/","name":"Update on the Attack on the Italian Regional Data Center | Infoblox","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-ccb-2.jpg","datePublished":"2021-08-21T04:35:42+00:00","dateModified":"2024-08-07T19:20:22+00:00","description":"On 1 August, the regional data center of Lazio, the Italian region that includes Rome, was targeted by a cyber attack.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-ccb-2.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-ccb-2.jpg","width":612,"height":408,"caption":"computer virus transfer into desktop pc by internet LAN line. double exposure shot of backside of a computer and red binary codes. hacker virus spyware ransomware and security breached concepts."},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-threat-advisory\/update-on-the-attack-on-the-italian-regional-data-center\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Cyber Threat Advisory","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/cyber-threat-advisory\/"},{"@type":"ListItem","position":4,"name":"Update on the Attack on the Italian Regional Data Center"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6868","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6868"}],"version-history":[{"count":4,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6868\/revisions"}],"predecessor-version":[{"id":6873,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6868\/revisions\/6873"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/6869"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6868"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6868"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}