Police arrest two in data theft cyberattack on Leonardo defense corp


Italian police have arrested two people for allegedly using malware to steal 10 GB of confidential data and military secrets from defense company Leonardo S.p.A.

Leonardo is one of the world’s largest defense contractors, with 30% of the company owned by the Italian Ministry of Economy and Finance. As a multi-national company, they are headquartered in Italy but have a large presence in the United Kingdom, the United States, a

According to Italian media, police arrested one person for allegedly using USB keys to infect 94 workstations with a trojan named ‘cftmon.exe.’ This trojan was likely named after the legitimate Windows file located at C:\Windows\system32\ctfmon.exe to evade detection.

The malware is said to have been used for two years, between 2015 and 2017, to steal data and send it back to a command and control server at ‘www.fuijamaaltervista.org.’

The exfiltrated data included confidential accounting information, military secrets, and aircraft designs.

“Overall, data for 10 gigabytes, that is about 100,000 files, concerning administrative-accounting management, the use of human resources, the procurement and distribution of capital goods, as well as the design of civil aircraft components and military aircraft for the Italian and international market were exfiltrated. Also captured were credentials for accessing personal information of Leonardo spa employees,” Agi.it reports.

The head of Leonardo’s cyber-emergency team was also placed under house arrest for allegedly misrepresenting the scope of the attack and hindering the investigation.

Prosecutors state that Leonardo’s security systems did not detect the malware because it was designed by the employee and had not previously been seen by antivirus programs.

In response to this news, Leonardo issued a statement that they initiated the investigation after filing an official complaint with the courts.

“With regards to the current measures adopted by the Naples judiciary, Leonardo announces that the investigation comes from a complaint by the Company’s security that has been followed by others. The measures concern a former collaborator who is not an employee of Leonardo, and a non-executive employee of the Company.”