The Italian police have arrested two people accused of being involved in a data theft from the defense corporation Leonardo. They allegedly implanted malware in Leonardo's network and stole 10GB of confidential data. It's reported that the malware was named to resemble a legitimate Windows file to avoid detection.
Two People Arrested in Leonardo's Case
Leonardo is an Italian defense company, about 30% of which is held by the Italian Ministry of Economy and Finance. Though based in Italy, it has more offices in the UK and US. Late this week, several Italian media outlets reported that two people were arrested in relation to the Leonardo data theft.
A former employee, alleged to have infected Leonardo's network, was arrested. He is said to have implanted a malware trojan called cftmon.exe on about 94 of the company's systems using USB keys, between 2015 and 2017.
The trojan was crafted to look like the legitimate Windows file C:\Windows\system32\ctfmon.exe, to avoid detection.
Using this trojan, they stole 10GB of sensitive data, such as the company's defense data and military secrets. All such data was then exfiltrated to a command and control server at fujinama.altervista.org.
This domain and the server have now been seized by the Polizia di Stato, which placed a seizure notice on the domain's webpage.
The stolen 10GB of data comprises over 100,000 files containing aircraft designs and the company's accounting information. It also contained the "credentials for accessing personal information of Leonardo spa employees."
Alongside the employee who performed this theft, Leonardo's head of cyber-emergency was also placed under house arrest for hindering the investigation and misrepresenting the scope of the attack.
Leonardo has issued a statement after this conviction, saying that "it should be noted that classified or strategic data is processed in segregated areas, without connectivity, and not within the Pomigliano plant."