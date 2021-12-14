It seems that 800 GB of data have been stolen from one of the most strategic and confidential Italian companies, Sogin, a Nuclear Plant Management Company.

At the moment the company does not seem to have confirmed anything, not even a press release appears on the site, but the analysis of the first samples released by hackers on some international forums makes one fear the worst.

About 15 years of activity, with all the reports on nuclear management, plant projects, the location of deposits and much more would have been taken from some server almost certainly due to the lightness of some employee who managed “lightly”

A fact of unprecedented gravity that obviously makes the effort made by people to protect information relating to nuclear power and its waste, of vital importance, completely in vain. Even more serious when you consider that the SOGIN is a company wholly owned by the Italian Ministry of Finance, it is practically the MEF.

While the hypothesis of doubt remains alive, until there is official confirmation, the analysis of the data seems to favor the successful exfiltration: to publish the sales announcement, 250,000 euros are requested, it is the hacker himself which has already been selling stolen data to other major energy companies, and although this announcement was placed on a well-known international web forum, the real announcement, the one containing also a small excerpt of the stolen material, was posted on a less prominent Russian forum. Here the seller, who could coincide with the hacker, has published much more material and among these we find examples of reports, photos of employees, photos of sites and even projects of all kinds.

A trace of how this could have happened is provided by the file that contains the list of all the files stolen during the theft: among the file names there are also Whatsapp photos, Keys access.docx and other elements that let a computer think a lot. of an employee, a company PC but also used as a personal PC without all the necessary precautions in this case.