Police in Italy have arrested two suspects in connection with the hacking of Italian aerospace and electronics company Leonardo, according to a statement by the Interior Ministry, cited by Reuters.
The Rome-based Leonardo group also has a cybersecurity division that boasts NATO as one of its customers, and is involved in making electronic weapons and missiles.
Apprehended on Saturday, the suspected hackers, said to be a former employee and a contractor, reportedly managed to steal sensitive data from the company's computers between 2015 and 2017.
The information was stolen for "illicit goals which are still being investigated", said the police.
According to prosecutors, a former employee of the company had infected 94 computers with a specially-engineered Trojan virus from a USB stick at facilities in Pomigliano d'Arco near Naples and extracted "classified information of significant value to the company".
The malware then infiltrated 94 machines belonging to IT departments of the company’s Aerostructures and Aircraft Divisions, including 33 situated at a factory in Pomigliano d'Arco.
According to the report, some 10 gigabytes of data, including management and human resources records, information on procurement and distribution of capital goods as well as documents related to the design of civil and military aircraft were stolen.
The malware reportedly proceeded to infect over 50 computers belonging to other companies and individuals involved in the aerospace industry.
The Italian Interior Ministry statement reads:
"At the end of a complex investigation by the Naples prosecutor into a serious computer attack against Leonardo ... a former worker and a company director were arrested."
Some Italian media reports claimed that the head of the company's Cyber Emergency Readiness Team (CERT) was also placed under house arrest for allegedly manipulating evidence and tampering with the investigations.
A former consultant, Arturo D'Elia, was identified as the alleged hacker, while a company employee, Antonio Rossi, was put under house arrest, reported the Italian newspaper La Repubblica.
Leonardo claimed it had been the one to originally report the hacking attack, alerting authorities to detected suspicious data flows coming from some of its computers back in 2017.
🔴#ComunicatoStampa In merito agli odierni provvedimenti adottati dalla magistratura di Napoli, Leonardo rende noto che l’inchiesta è scaturita da una denuncia presentata dalla stessa sicurezza aziendale alla quale ne hanno poi fatto seguito altre (1/3) https://t.co/yROxjP1lOE— Leonardo (@Leonardo_IT) December 5, 2020
The firm vowed to continue to cooperate fully with the police. The company added that the suspect was a consultant, not a company employee.
Leonardo also claimed that classified, strategic information was not held on the computers that had been infected by the malware.