View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 26, 2022updated 05 Aug 2022 7:07am

LockBit ransomware gang claims attack on Italian tax office

A deadline looms for Italy's tax office, after which the hacking gang says it will release stolen data.

By Claudia Glover

Italy’s tax office has reportedly been hacked by ransomware gang LockBit, which has set a deadline of 1 August for a ransom to be paid. If the agency does not comply, 100Gb of stolen data will be released on the dark web, LockBit says.

Italy’s tax office has apparently been subject to a ransomware attack. (Photo: Stefano_Pellicciari/iStock)

LockBit says it has given L’Agenzie delle Entrate, Italy’s tax agency, until the end of the month to pay, or the data, which allegedly includes financial reports contracts and other documents, will be published. The amount of ransom requested has not been disclosed.

The agency said yesterday that it had “requested feedback” from Sogei SPA, a state-funded organisation that manages the department’s IT infrastructure. Sogei SPA said that after a preliminary investigation it found no evidence of cyberattacks or a data breach. The organisation has said it is working with Italy’s National Cybersecurity Agency and the police in an “ongoing investigation“.

The security breach was revealed by Pierguido Lezzi, CEO of Swascan, cybersecurity arm of the business services company Tinexta Group, according to reports in Italy.

If confirmed, the attack will be the second cyberattack the Italian government has suffered in a matter of months. In May, Russian hacking group Killnet hit government agencies including its Ministry of Defence and the National Institute of Health, delivering malware and launching distributed denial of service, or DDoS, attacks.

Italian tax agency attack: Lockbit strikes again?

LockBit is now in its third incarnation, known as LockBit 3.0, having undergone several rebrands since it was first spotted in 2019.

It was the most active ransomware group in the second quarter of this year according to a report from Digital Shadows, which says it accounted for 32.88% of all incidents involving data being posted to ransomware leak sites in Q2, with 231 victims. Last month alone it took credit for more than 50 ransomware incidents, and recent victims have included French mobile phone network La Poste Mobile, and electronics manufacturer Foxconn.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Security researchers believe that the third generation of LockBit includes members of the now disbanded Conti gang. In a report from security vendor Intel 471, Brad Crompton, the company’s director of Intelligence said: “Conti had some skilled operators along the various steps of a ransomware attack. By integrating those people into their own schemes, other ransomware groups like LockBit 3.0 or ALPHV only grow stronger.”

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit

Read more: Ransomware groups are getting smaller and smarter

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.