{"id":1673,"date":"2020-11-24T20:56:55","date_gmt":"2020-11-24T18:56:55","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=1673"},"modified":"2026-06-08T22:53:54","modified_gmt":"2026-06-08T22:53:54","slug":"50000-companies-compromised-italy","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/emerging-threats\/50000-companies-compromised-italy\/","title":{"rendered":"50 000 companies compromised, 700 Italian organisations among them"},"content":{"rendered":"\n<p class=\"has-text-align-justify wp-block-paragraph\">During <strong>Threat Intelligence<\/strong> activities for monitoring and tracking <strong><em>Threat Actors<\/em><\/strong>, we identified activity of significant interest due to the substantial number of compromised systems\u2014approximately <strong>50 000<\/strong> globally.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">In Italy<\/h2>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">By analyzing the list of IP addresses, we determined the ownership of these systems. At least <strong><span style=\"text-decoration: underline\" class=\"ek-underline\">700<\/span><\/strong> Italian systems have been compromised, all deployed in corporate environments of medium to large-scale organizations.<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-vertically-aligned-center\" style=\"grid-template-columns:59% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/11\/evidenza_1.png\" alt=\"Hacker Forum\" class=\"wp-image-1674\" loading=\"lazy\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p class=\"has-text-align-justify wp-block-paragraph\">The vulnerability could be exploited to gain access to the internal corporate network, subsequently enabling a Ransomware attack while circumventing all enterprise security controls.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/11\/evidenza_2.png\" alt=\"\" class=\"wp-image-1675\" loading=\"lazy\" \/><figcaption><strong><em>Left<\/em><\/strong>: forum post advertising the sale of compromised data<br><strong><em>Top<\/em><\/strong>: technical evidence of the vulnerability<\/figcaption><\/figure>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Vulnerability Details<\/h2>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">The presence of an IP address in the list must be interpreted as <strong><span style=\"text-decoration: underline\" class=\"ek-underline\">an already-executed compromise<\/span><\/strong>. Threat actors may already be in the preparation or initiation phase of a cyber attack. We do not exclude possible Data Breach incidents in the coming weeks linked to this attack vector.<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">The vulnerability grants complete network access to targeted organizations while bypassing all security systems. The vulnerability in question is a <strong>2018<\/strong> vulnerability classified as <strong>&#8220;Path Traversal&#8221;<\/strong> (T1190 &#8211; Exploit Public-Facing Application).<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">The vulnerability could be exploited for initial network access (T1190), followed by the deployment of a Ransomware attack. Organizations tracking this threat vector should prioritize patch deployment and network segmentation to limit lateral movement post-compromise. <a href=\"https:\/\/fortgale.com\/en\/cyber-threat-intelligence\/\">Cyber Threat Intelligence<\/a> monitoring of exploitation attempts and associated IOCs remains critical for early detection of active compromise attempts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mass compromise impacting 50 000 organisations globally with 700 Italian entities affected: scope, exploitation chain and defensive priorities.<\/p>\n","protected":false},"author":1,"featured_media":1687,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[3236,183,3235,3234,283,350,354],"class_list":["post-1673","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-threats","tag-global-campaign","tag-intelligence","tag-italy-targeting","tag-mass-compromise","tag-ransomware","tag-threat","tag-threat-intel"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=1673"}],"version-history":[{"count":1,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1673\/revisions"}],"predecessor-version":[{"id":9882,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1673\/revisions\/9882"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=1673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=1673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=1673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}