In recent days, StormouS published over 30 GB of documents from Teleco srl (Teleco) on its .onion blog. Teleco is a company with its registered office in Rome and its Technological Hub in Elmas, in the province of Cagliari.
Teleco offers its clients services such as:
- Security Strategy, Risk & Compliance
- Integrated Cybersecurity
- ICTM Infrastructure (Information and Communication Technology Management)
- Safety
The ransomware group claims to have exfiltrated a total of 100 GB of data from Teleco’s servers.
From the information we have managed to obtain, it appears that there were (brief) contacts between Teleco and the ransomware group, which ultimately led to nothing. StormouS has informed us that if the situation remains unresolved in the coming days, they will publish on their website the remaining documents stolen by their affiliate during the ransomware attack.
SuspectFile.com has had the opportunity to verify the quality of the documents published so far by the group, which include identification documents and some PHI (Protected Health Information) documents of the Italian company’s employees. Below is a list of the types of data currently in the hands of the cybercriminals:
- Identity documents
- SSNs (Social Security Numbers)
- Passports
- Medical documents
- CVs
- Employment letters
- Contracts
- Invoices
- Payment notices
- Badges
- Notarial deeds
- Legal documents
In recent days, we sent an email to Teleco’s Data Protection Officer (DPO) and to another company account to request a statement on the matter. So far, we have not received a response.
SuspectFile.com will continue to monitor the situation and provide updates as new details emerge.