DESFA

In August 2022, **DESFA**, Greece’s largest natural gas distributor, confirmed a **cyberattack** resulting in a **limited-scope data breach** and an **IT system outage**. The attack was executed by the **Ragnar Locker ransomware group**, a well-known threat actor with a history of high-profile breaches. While DESFA’s IT team managed to **thwart deeper infiltration**, hackers still **accessed and potentially leaked files and data**, confirming a network intrusion. The incident disrupted operations, though the full extent of the data exposure remains unclear. The involvement of **ransomware** (Ragnar Locker) suggests the attackers likely **demanded a ransom**, though DESFA did not publicly confirm payment or further operational disruptions beyond the initial breach. The attack highlights vulnerabilities in critical infrastructure, raising concerns about **energy sector security** and the broader implications of cyber threats on national utilities. The leak of internal data—even if limited—poses risks to **corporate confidentiality, operational integrity, and potential regulatory repercussions**.

Source: https://www.secureblink.com/cyber-security-news/new-donut-leaks-group-is-involved-in-a-series-of-ransomware-attacks-1

TPRM report: https://www.rankiteo.com/company/c&m-engineering-s-a-

"id": "c&m416092125",
"linkid": "c&m-engineering-s-a-",
"type": "Ransomware",
"date": "8/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'industry': 'energy (natural gas distribution)',
                        'location': 'Greece',
                        'name': 'DESFA (Natural Gas Distribution Network '
                                'Operator)',
                        'type': 'government-owned enterprise'}],
 'data_breach': {'data_exfiltration': True},
 'date_publicly_disclosed': '2022-08',
 'description': "Greece's largest natural gas distributor, DESFA, confirmed a "
                'limited-scope data breach and IT system outage following a '
                'cyberattack in August 2022. Hackers attempted to infiltrate '
                "its network but were thwarted by the IT team's quick "
                'response. Some files and data were accessed and possibly '
                'leaked, indicating a network intrusion. The attack was linked '
                'to the Ragnar Locker ransomware operation, which leaked data '
                'on a Friday.',
 'impact': {'data_compromised': True,
            'downtime': True,
            'operational_impact': True,
            'systems_affected': True},
 'ransomware': {'data_exfiltration': True,
                'ransomware_strain': 'Ragnar Locker'},
 'response': {'communication_strategy': ['public statement confirming limited '
                                         'breach'],
              'containment_measures': ['quick response by IT team'],
              'incident_response_plan_activated': True},
 'threat_actor': 'Ragnar Locker',
 'title': 'DESFA Limited Scope Data Breach and IT System Outage (August 2022)',
 'type': ['data breach', 'IT system outage', 'ransomware attack']}

DESFA

Kettering Health: US Healthcare Data Breach Crisis Impacts Millions -- Security Today

Gelatissimo: Aussie ice-cream franchise Gelatissimo suffers alleged hack by DragonForce

Airbus Atlantic and STELIA Aerospace North America Inc.: STELIA Aerospace confirms cyber attack on North American systems. $2.07 million ransom issued