TG Soft Cyber Security Specialist - Vir.IT eXplorer: AntiVirus, AntiSpyware, AntiMalware, AntiRansomware and Crypto-Malware protection

22/11/2019 10:18:34 - Operation People1 - Orziveccho: the background of the espionage attack that targeted the Italian public administration





On 22 November 2019, the Italian State Police arrested the cyber-criminal responsible for the “Orziveccho” attack, which CNAIPIC renamed “PEOPLE1”.

The “Orziveccho” operation was identified by TG Soft between Saturday 4th and Tuesday 7th March 2017, when multiple spear-phishing attacks were recorded against the registry services of many Italian municipalities.

On 06 March 2017, TG Soft published on its news page the article “Operation "Orziveccho": Italian municipalities are under attack !!!  Massive diffusion of spear phishing against italian municipalities. Who is spying Italy ?”, which described the modus operandi used by the cyber-criminal to infect the Italian municipalities.

TG Soft chose “ORZIVECCHO” as the name of this operation because it was part of the domain name from which the malware was downloaded, a domain that had already been used for criminal activities since 2013.

This domain should have been assigned to the municipal elementary school of Orzivecchi, but because of a typing error it was registered as “orziveccho” instead of “orzivecchi”. For this reason it was dropped, and it was then used by the cyber-criminal for his own purposes.

Orziveccho used a remote assistance program, through which it installed a keylogger to steal the municipal employees' access credentials for public administration portals. Most of the victims were small municipalities, but in addition to these we can also include the CAF patronages and the databases of the Revenue Agency, INPS, INAIL, ACI and InfoCamere.

The cyber-criminal has used various spear-phishing campaigns to target and spy on Italian municipalities since 2013. TG Soft's Anti-Malware Research Centre has estimated that no less than 10% of Italian municipalities have been targeted by this Malware-Spy.

Starting in 2013, the cyber-criminal behind "Orziveccho" used commercial keyloggers for his espionage operations, until he turned to real cyber-security experts for the implementation of RATs and keyloggers.

The purpose of “Orziveccho” was to steal the personal data and the tax and social security positions of unsuspecting Italian private customers and companies, in order to resell them to investigation agencies through the portal "" located in Russia.

TG Soft has declassified the confidential information on the Orziveccho operation (aka PEOPLE1).

Download full report operation PEOPLE1-Orziveccho in PDF format:


Research Centre Anti-Malware of TG Soft 

Any information published on our website can be used and posted on other websites, blogs, forums, Facebook and/or in any other form, both on paper and electronically, as long as the source is always cited explicitly as "Fonte: C.R.A.M. by TG Soft".

TG Soft S.r.l. - via Pitagora 11/B, 35030 Rubàno (PD), ITALY - C.F. e P.IVA 03296130283