
Emerging Threats

50 000 companies compromised, 700 Italian organisations among them

· frtg · 2 min read

While monitoring and tracking threat actors as part of our Threat Intelligence work, we identified activity of significant interest because of the number of compromised systems involved: approximately 50 000 globally.

In Italy

By analyzing the list of IP addresses, we determined the ownership of these systems. At least 700 Italian systems have been compromised, all deployed in corporate environments of medium to large-scale organizations.

Hacker Forum

The vulnerability could be exploited to gain access to the internal corporate network, subsequently enabling a Ransomware attack while circumventing all enterprise security controls.

Left: forum post advertising the sale of compromised data
Top: technical evidence of the vulnerability

Vulnerability Details

The presence of an IP address in the list must be treated as evidence that the compromise has already taken place. Threat actors may already be preparing or starting a cyber attack. We cannot rule out Data Breach incidents linked to this attack vector in the coming weeks.

The vulnerability grants complete access to the network of a targeted organization while bypassing all security systems. It dates from 2018 and is classified as a “Path Traversal”; its exploitation corresponds to MITRE ATT&CK technique T1190 (Exploit Public-Facing Application).

The vulnerability could be exploited for initial network access (T1190), followed by the deployment of a Ransomware attack. Organizations tracking this threat vector should prioritize patch deployment and network segmentation to limit lateral movement post-compromise. Cyber Threat Intelligence monitoring of exploitation attempts and associated IOCs remains critical for early detection of active compromise attempts.
