{
	"id": "eabd4a83-6b6f-4322-b91a-2cba93a2903b",
	"created_at": "2026-04-06T00:13:26.002887Z",
	"updated_at": "2026-04-10T03:20:41.176289Z",
	"deleted_at": null,
	"sha1_hash": "a69962f583487cbc82740665a7f7d0ec1918e48e",
	"title": "Italian university La Sapienza goes offline after cyberattack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3421626,
	"plain_text": "Italian university La Sapienza goes offline after cyberattack\r\nBy Bill Toulas\r\nPublished: 2026-02-05 · Archived: 2026-04-05 14:52:32 UTC\r\nRome’s “La Sapienza” university has been targeted by a cyberattack that impacted its IT systems and caused widespread\r\noperational disruptions at the educational institute.\r\nThe university first disclosed the incident in a social media post earlier this week, saying that its IT infrastructure \"has been\r\nthe target of a cyberattack.\"\r\n“As a precautionary measure, and in order to ensure the integrity and security of data, an immediate shutdown of network\r\nsystems has been ordered,” the organization said.\r\nhttps://www.bleepingcomputer.com/news/security/italian-university-la-sapienza-goes-offline-after-cyberattack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/italian-university-la-sapienza-goes-offline-after-cyberattack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nOriginal statement about the cyberattack\r\nSource: BleepingComputer\r\nThe university, which is Europe’s largest by number of in-campus students, with over 112,500 enrolled, notified the\r\nauthorities of the incident and formed a technical task force to initiate remediation and restoration procedures.\r\nAs of writing, the university’s website remains offline, and new status updates published on Instagram reflect a continued\r\neffort to recover from the cyberattack.\r\nAs of yesterday's announcement, temporary “infopoints” have been set up for students to provide information accessible\r\nthrough digital systems and databases that are currently unavailable.\r\nAlthough the university has not disclosed much information about the attack type or the perpetrators, Italian newspaper\r\nCorriere Della Sera claims that the incident is a ransomware attack perpetrated by a pro-Russian threat actor called\r\nFemwar02 and resulted in data encryption.\r\nThe outlet released the information based on malware characteristics and operational patterns, which are similar to the\r\nBablock/Rorschach ransomware.\r\nThis is a ransomware strain that first appeared in 2023, featuring fast encryption speeds and extensive customization\r\noptions. Cybersecurity company Check Point estimated that it was a project built from bits of the leaked sources of Babuk,\r\nLockBit v2.0, and DarkSide.\r\nAccording to Corriere Della Sera’s sources, a ransom exists, but the university staff has not opened it to avoid triggering the\r\n72-hour timer. Hence, the ransom amount hasn’t been specified.\r\nCurrently, the university’s technicians are working together with Italian CSIRT and specialists from Agenzia per la\r\nCybersicurezza Nazionale (ACN) and the Polizia Postale to restore the systems from backups, which have reportedly not\r\nbeen impacted.\r\nAlthough Rorschach does not operate an extortion portal on the dark web, stolen data could be disseminated or sold to data\r\nextortion groups, so the risk of it ending up online remains significant.\r\nGiven the situation, students and staff at Sapienza University of Rome should remain on high alert for phishing attacks,\r\navoid clicking links in unsolicited communications, and monitor accounts for suspicious activity.\r\nhttps://www.bleepingcomputer.com/news/security/italian-university-la-sapienza-goes-offline-after-cyberattack/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/italian-university-la-sapienza-goes-offline-after-cyberattack/\r\nhttps://www.bleepingcomputer.com/news/security/italian-university-la-sapienza-goes-offline-after-cyberattack/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MISPGALAXY"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/italian-university-la-sapienza-goes-offline-after-cyberattack/"
	],
	"report_names": [
		"italian-university-la-sapienza-goes-offline-after-cyberattack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434406,
	"ts_updated_at": 1775791241,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a69962f583487cbc82740665a7f7d0ec1918e48e.pdf",
		"text": "https://archive.orkl.eu/a69962f583487cbc82740665a7f7d0ec1918e48e.txt",
		"img": "https://archive.orkl.eu/a69962f583487cbc82740665a7f7d0ec1918e48e.jpg"
	}
}