Fake Green Pass investigation: links with Russia, a timeline and the cracked Kit

This analysis is meant as a recap of everything we know so far about the story of the generation of fake Green Passes, in parallel with what has been happening, in just the last few days, to the privacy of the data processed for the green certification; in this latter case I am referring to the story of the Green Passes downloadable online via websites and via eMule.

Let's begin right away with a timeline (being updated) to establish a starting point for the analysis, retracing the steps up to today (while trying to respect the sources).

  • 01 August 2021: the supply chain/IT management (LazioCrea) of the Lazio Region is attacked by ransomware.
  • 15 October 2021: arrests in Catania; Green Passes were being sold on Telegram in exchange for Bitcoin; the first channels are closed.
  • 27 October 2021: the first fake but valid Green Passes sprout up: Hitler, Mickey Mouse, etc.
  • 30 October 2021: Claudio Are discovers and reports the store with 62 Green Passes of Italian citizens, available online on RF.
  • 03 November 2021: claim of a possible attack on the Ministry of Health, through an old unfixed CVE.
  • 04 November 2021: a new fake but valid Green Pass appears, in the name of Bettino Craxi.
  • 06 November 2021: MatriceDigitale warns of 2200 Green Passes circulating on Telegram which, net of duplicates, amount to 1100 certifications available in PDF.
  • 07 November 2021: I personally discovered that PDFs and zip/rar archives containing authentic, functional Green Passes of Italian citizens are being shared on eMule.
  • 08 November 2021: arrest in Genoa; a 17-year-old boy linked to a Russian group was selling Green Passes on Telegram (turnover > 20K euro).
  • 20 November 2021: the story explodes in the press, which hails the sensational discovery of the eMule case; the GPDP also intervenes and opens an investigation.
  • 24 November 2021: analysis to verify the content of the Green Passes collected together with the 1000 already known; it was established that in reality 764 are valid.

But what does Russia have to do with it?

That is the summary of how things have gone so far. Between these dates we have also addressed other topics and opened other investigations on the subject. Specifically, I have concentrated a great deal on the connections between the story of the generation of fake Green Passes (with keys potentially stolen in EU member states) and known groups of Russian operators. I first wrote about this in great detail in the inquiry that investigates the relationships between the various attacks on the national health system (30 October), and then followed up with the more recent investigation prompted by the arrests in Genoa (10 November).

Today I am here again to write and analyze for a simple reason: there is another link between the events I have just listed.

Via Claudio and this article by Michele Pinassi, I came to know of new elements. Mentioned here, in fact, for the first time, is an archive that contains a KIT for cracking the EU green certification system. I immediately decided to dig in and see things clearly.

Inside this archive, for the moment, there is no big news. We find the usual 2200 certifications in PDF format (which, once skimmed, as we have seen, are the 1000 already known Italian ones); a clone of the GitHub repository of the VerificaC19 app, which, remember, is open source and made available on the official account of the Italian government (potentially useful for generating altered APKs, for illegal use of this application); and another clone of the official GitHub repository of the Israeli Health Ministry, with its project called Ramzor.

Nothing striking. What I would like to focus on in this article is the way this project is presented. It all starts with a post of 20/11, within a discussion already started on 18 November in the usual forum, which sets the timing for this story, which has now been running in slow release for more than a month.

The forum post that shares the cracked KIT.

It talks calmly of new applications to be distributed, which are almost ready, and of other leaks about the Green Pass, which will be fully released before the end of the year. So this is definitely a story to follow to the end, as we have done so far, in order to arrive, perhaps, at the final stages and, connecting all the pieces of this mysterious slow release, finally test whether all of the previous analysis makes sense.

The KIT contents shared on the forum

Here too, the site used to disseminate this archive is a typical Russian-language channel. Another signal that should surely make us think, given the news learned so far (including the recent arrest in Genoa).

For those who do not have the desire or the time to go and read my previous analyses, I summarize the scenario resulting from the material accumulated so far on this story, with the main points needed to connect the pieces:

It may all have started with the attack on the Lazio Region (LazioCrea), on the IT chain used to manage vaccine bookings. Once the situation was cleaned up, an APT attack could have persisted on the same infrastructure. A series of clues leads to attributing the operation to xGroup (a Russian state-funded group) which, through local affiliations, coordinates the operation around Europe, and also in Italy, with smaller groups that operate on Telegram (for the final work and the dialogue with the buyer). xGroup could have the private keys of any European State, and is playing out the story through small, slow releases. Let us not forget that groups of this magnitude are perfectly capable of dealing with the police and special teams of any Country, so it is unlikely that this could not happen to Italy.

A very simplified quotation of the three detailed articles, with historical analysis of the materials found, mentioned above

But this is my view of the current scenario. We await the end of the releases to understand where this story will end up, and whether a cyber bomb against Europe is really going to explode. One thing however is certain, and is not subject to investigative interpretation: our national infrastructure has many difficulties and gaps that should be urgently filled. In recent months there have been attacks in every corner of the Public Administration: Municipalities, associations of Municipalities, large private Italian companies, Local Health Units, local Health authorities and Provincial Hospitals. All thanks to already known vulnerabilities, which are solvable but not resolved. These are real problems that produce real consequences, and that in other countries, not too far away, have already caused people to die. The healthcare sector is perhaps the most sensitive of the State, and in the middle of a pandemic that sensitivity can increase; if it is compromised or suspended, the effect may be (and elsewhere has been) very serious.
