The Italian police have arrested two people who’re accused to be involved in a data theft from Leonardo’s defense corporation. They have allegedly implanted malware in Leonardo’s network and stolen 10GB of confidential data. It’s reported that malware was renamed after a legitimate Windows file to avoid detection.
Two People Arrested in Leonardo’s Case
Leonardo is an Italian defense company where about 30% of the corporation is held by the Italian Ministry of Economy and Finance. Though Italy based, it has more number of offices in the UK and US. Late this week, several Italian media has published that two people in relation to Leonardo’s data theft were arrested.
The incident, where a former employee was alleged to be to have infected Leonardo’s network, was arrested. He was said to have implanted a malware trojan called cftmon.exe in about 94 systems of the company using USB keys, between 2015 to 2017.
The trojan was crafted to seem like the legitimate file in Windows as C:\Windows\system32\ctfmon.exe, to avoid detection.
Using this trojan, they have stolen sensitive data like the company’s defense data and military secrets, worth 10GB. All such data was then exfiltrated to a command and control server at fujinama.altervista.org.
This domain and the server were seized now by Polizia di Stato and placed a seizure notice on the domain’s webpage.
There are over 100,000 files containing the aircraft designs and the company’s accounting information in the stolen 10GB data. Also, it contained the “credentials for accessing personal information of Leonardo spa employees.”
Alongside the employee who performed this theft, Leonardo’s head of cyber-emergency too house arrested for hindering the investigation and misrepresentation of the scope of the attack.
Leonardo has issued a statement after this conviction, saying that “it should be noted that classified or strategic data is processed in segregated areas, without connectivity, and not within the Pomigliano plant.”
