Search This Blog

Showing posts with label Tax agency. Show all posts

LockBit Ransomware Gang Targets Italian Tax Agency


Over the weekend, the Lockbit ransomware gang disclosed they have infiltrated Italy’s Revenue Agency (L’Agenzia delle Entrate) and stolen 78 GB of files, including documents, scans, financial reports, and contracts. 

The Italian Revenue Agency manages the financial code of Italy and collects taxes and revenue. The agency also offers multiple online services for Italian and non-Italian taxpayers. 

The ransomware gang gave the agency about six days to pay the ransomware to avoid leaking stolen data. The group then extended the deadline to August 1 and announced it now had 100 GB of data. They also posted several screenshots of the stolen data on their dark web data leak website. 

“The Revenue Agency, operational since 1 January 2001, was born from the reorganization of the Financial Administration following the Legislative Decree No. 300 of 1999. It has its own statute and specific regulations governing administration and accounting. The bodies of the Agency are made up of the Director, the Management Committee, the Board of Auditors.” reads the text posted on the leak site. “From 1 December 2012 the Revenue Agency incorporated the Territory Agency (article 23-quater of Legislative Decree 95/2012).” 

However, Sogei, an IT firm owned by the Ministry of Economy and Finance, tasked with the investigation of the alleged hack, said that there is no evidence that the tax agency has suffered a data breach. 

“Sogei spa informs that from the first analyzes carried out, no cyber attacks have occurred or data has been stolen from the financial administration's technological platforms and infrastructures. From the technical checks carried out, Sogei, therefore, excludes that a computer attack on the Revenue Agency website may have occurred,” the company stated in a lengthy statement. 

At the end of June, the Lockbit ransomware gang announced the launch of Lockbit 3.0, a new ransomware-as-a-service offering and a bug bounty program. The group said it will offer rewards ranging between $1,000 and $1 million to security researchers and ethical or unethical hackers for information regarding vulnerabilities in their website, the ransomware encryption process, the Tox messaging app, and bugs exploiting their Tor infrastructure. 

Additionally, the Lockbit 3.0 version is employing a new extortion methodology that allows threat hackers to buy data stolen from the victims during the attacks. This means that someone could buy data from Italian taxpayers and leverage them for a wide range of financial frauds.

Bulgaria’s tax agency hacker released

A cybersecurity expert accused of hacking the data of more than 5 million Bulgarian taxpayers was released by police Wednesday after his charges were downgraded.

Kristian Boykov, a 20-year-old Bulgarian cybersecurity worker, was arrested in Bulgaria's capital Sofia last week in connection to the breach. Police raided his home and seized computers and mobile devices with encrypted information. The hacker was found by police through the computer and software used in the attack, according to the Sofia prosecutor's office.

Due to his work, which involves testing computer networks for potential vulnerabilities, some believe Boykov is a "white hat hacker" — a hacker that breaks into computer networks to expose vulnerabilities and push for the weaknesses to be fixed.

He has made news in Bulgaria before. In 2017, he hacked the Bulgarian education ministry's website to expose its vulnerabilities. In a television interview, he described the work as "fulfilling my civic duty."

Sofia prosecutors claim they tracked one of the stolen files from the latest data breach to a username used by Boykov. Boykov and his lawyer reject the allegations against him and say he was not involved in the incident.

The hack of the nation's tax agency database is believed to be the largest data breach in Bulgaria's history. Nearly every working adult in Bulgaria was impacted. In a country of 7 million, more than 5 million people had personal data such as social security information, addresses, incomes and names leaked and made easily accessible on the Internet.

Boykov was initially charged with a computer crime against critical infrastructure, with a maximum sentence of eight years in jail. Those charges were dropped and he was given a lesser charge of crime against information systems, which has a maximum jail sentence of three years.

The initial hack is believed to have happened in June. The breach remained undetected until an email from a Russian email address was sent to Bulgarian news outlets last week claiming responsibility for the attack. In the email, the sender claimed to be a Russian hacker, gave downloadable links to the stolen information and mocked Bulgaria's cybersecurity efforts.