A post on the Russian-language hacker forum XSS by a threat actor that goes online with the moniker Adrastea which defines itself as a group of independent cybersecurity specialists and researchers, claims to have hacked MBDA.
The attackers say that they have found a critical vulnerability in the network infrastructure of the Italian branch of MBDA, which allowed them to steal 60 GB of data.
According to the attackers, they were able to download design documentation for air defense systems, missile systems, and coastal defense systems, presentations, correspondence with other defense contractors, and other confidential information.
As proof of the hack Adrastea shared a link to a password-protected linked archive containing internal documents related to projects and correspondence.
At this time it is not clear if the threat actors have breached only one of the national divisions of the company, they did not disclose details about the attack.
If the hack is confirmed, it will be the second time in two weeks that Italy's critical infrastructure has been targeted by hackers. Last week, the LockBit group claimed to have hacked the Italian tax office. Italian authorities have launched an investigation. However, Sogei, a state-owned IT company, said it could not confirm the cyberattack.
MBDA Statement: Denies of Breached
MBDA has responded to rumors that its internal systems have been compromised. A spokesman for the company said that reports of a cyber attack are false, but the attackers demanded a ransom from the MBDA branch in Italy. Refused, the cybercriminal group began spreading news of the hack and offering "stolen data" that was not secret or confidential.
The company's specialists determined that the data was stolen from an external hard drive, and MBDA's internal systems were not affected. The rocket maker has already begun cooperating with Italian law enforcement and plans to take legal action against the “criminal act of blackmail.”
“So far, the company’s internal verification processes indicate that the data made available online are neither classified data nor sensitive” MBDA says.
The firm doesn’t provide any explanation about how the extortionists got their hands onto the external hard drive from MBDA Italy