{ "id": "0f17f758-3082-46ef-bcb8-5e67328c7ead", "created_at": "2026-04-06T00:16:30.264594Z", "updated_at": "2026-04-10T03:29:39.909768Z", "deleted_at": null, "sha1_hash": "39979981ef76c231da53bf58bf852054cb256e05", "title": "BlackCat ransomware claims attack on Italian energy agency", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2380705, "plain_text": "BlackCat ransomware claims attack on Italian energy agency\r\nBy Sergiu Gatlan\r\nPublished: 2022-09-02 · Archived: 2026-04-05 21:23:04 UTC\r\nThe BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy's energy agency\r\nGestore dei Servizi Energetici SpA (GSE) over the weekend.\r\nGSE is a publicly-owned company that promotes and supports renewable energy sources (RES) across Italy.\r\nA GSE spokesperson disclosed that its website and systems were taken down to block the attackers from gaining access to\r\nthe data after detecting the attack on Sunday night—GSE's website is still down, almost a week after the incident.\r\nhttps://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-italian-energy-agency/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-italian-energy-agency/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nCybersecurity authorities and police in Italy are still investigating the attack and looking into what data was compromised\r\nduring the incident, GSE told Bloomberg.\r\nBefore GSE's disclosure, the BlackCat ransomware group added a new entry to its dark web data leak site claiming to have\r\nstolen roughly 700GB of files from the Italian energy agency's servers.\r\nThe attackers say that the stolen files contain confidential data, including contracts, reports, project information, accounting\r\ndocuments, and other internal documentation.\r\nThis attack follows another incident involving Eni SpA, the largest energy company in Italy, with more than 31,000\r\nemployees that operates in national and international markets.\r\nEni SpA also revealed that it was recently hacked as part of a cyberattack the firm said had minor consequences on its\r\noperations.\r\nEarlier this year, BlackCat also said it was behind ransomware attacks against Creos Luxembourg S.A., a natural gas\r\npipeline and electricity network operator from central Europe, and the German petrol supply firm Oiltanking.\r\nGSE's site is still down (BleepingComputer)\r\nA Darkside/Blackmatter rebrand\r\nThe BlackCat/ALPHV ransomware operation was launched in November 2021 and is believed to be a rebrand of the\r\nDarkSide/BlackMatter gang.\r\nThe ransomware gang first gained notoriety as DarkSide after attacking the Colonial Pipeline and landing in the crosshairs\r\nof international law enforcement.\r\nAlthough they rebranded as BlackMatter in July 2021, they were quickly forced to shut down again in November, after the\r\ngang's servers were seized and Emsisoft found and exploited a weakness in the ransomware to create a decryptor.\r\nThis group is considered one of the most significant ransomware threats currently targeting enterprises worldwide.\r\nSo far, it has been linked to attacks against companies such as the Swissport airline cargo handling services provider and the\r\nMoncler fashion group.\r\nMore recently, BlackCat has also been evolving its extortion tactics, launching a new searchable database of stolen data that\r\nmade the group's double-extortion attacks even more damaging for victims.\r\nIn April, the FBI warned that BlackCat has \"extensive networks and experience with ransomware operations\" as they had\r\nbreached more than 60 entities worldwide between November 2021 and March 2022.\r\nhttps://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-italian-energy-agency/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-italian-energy-agency/\r\nhttps://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-italian-energy-agency/\r\nPage 4 of 4\n\nmade the group's In April, the FBI double-extortion warned that BlackCat attacks even more has \"extensive damaging for networks and victims. experience with ransomware operations\" as they had\nbreached more than 60 entities worldwide between November 2021 and March 2022.\n Page 3 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-attack-on-italian-energy-agency/" ], "report_names": [ "blackcat-ransomware-claims-attack-on-italian-energy-agency" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434590, "ts_updated_at": 1775791779, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/39979981ef76c231da53bf58bf852054cb256e05.pdf", "text": "https://archive.orkl.eu/39979981ef76c231da53bf58bf852054cb256e05.txt", "img": "https://archive.orkl.eu/39979981ef76c231da53bf58bf852054cb256e05.jpg" } }