Title: Agenzia delle Entrate – Punto Fisco: Targeted Phishing Campaign for Credential and Security Matrix Theft

25/03/2024

Phishing page

CERT-AGID has detected a phishing page targeting users of Siatel v2.0 – PuntoFisco of the Revenue Agency (Agenzia delle Entrate). The page has been online since the early afternoon of March 21, 2024.

Although the page resembles the campaign identified last year by the Revenue Agency, we do not currently have the email that prompts users to authenticate on it.

After inducing victims to enter their login credentials (tax code and password), the attackers prompt them to fill in, or upload a photo of, the Security Matrix associated with those credentials. The matrix is required to access the following services: Punto Fisco, Anagrafe dei Rapporti, and Gestione Utenti di Punto Fisco.

Security Matrix

Further investigation has revealed the theft of approximately 20 credentials and their corresponding security matrices, beginning yesterday, March 24, 2024.

Actions taken

  • The CERT of the Ministry of Economy and Finance has been alerted
  • The abuse of the domain has been reported to the competent Registrar
  • The relevant Indicators of Compromise (IoC) have been disseminated

Indicators of Compromise

To facilitate countermeasures against the fraudulent campaign, the identified IoCs are provided below. They have already been shared with the public administrations (PA) accredited to the CERT-AgID IoC Flow.

Link: Download IoC
