Over on SuspectFile, Marco A. De Felice writes:
In August 2023, Postel S.p.A., a leading Italian company in the postal services and digital communications sector, became the victim of a serious cyberattack. The Medusa cybercriminal group exploited unresolved vulnerabilities in the company’s systems, gaining access to a large amount of sensitive data. This breach raised significant concerns among both customers and regulatory authorities, eventually leading to a €900,000 fine imposed by the Italian Data Protection Authority (DPA).
The attack on Postel S.p.A. was enabled by the exploitation of three specific vulnerabilities, all linked to Microsoft Exchange Server software, a widely used platform for corporate communications and email management.
Read more of his analysis at SuspectFile.