Italian police have arrested two people allegedly responsible for stealing no less than 10 GB of confidential information and military secrets from the Italian aerospace and electronics group Leonardo S.p.A.
According to a press release published by the Italian police, the two people are a former employee and a manager of the aforementioned company. The former employee is suspected of unauthorized access to the computer systems, unlawful interception of electronic communications, and unlawful processing of personal data, while the latter allegedly attempted to hinder the investigation and cover up the crime.
The police said the duo orchestrated a “serious attack on the IT structures of the Aerostructures Division and the Aircraft Division of Leonardo SpA.”
The investigation revealed that the attack was carried out by Leonardo’s IT security manager Arturo D'Elia, who is currently in jail.
In January 2017, the internal cybersecurity structure of Leonardo SpA reported anomalous network traffic, outgoing from some workstations of the Pomigliano D’Arco plant. The traffic was generated by a trojan named 'cftmon.exe' and was redirected to a web page “www[.]fujinama[.]altervista[.]org.”
According to the police, the malware was used for two years, between 2015 and 2017, to steal data and send it back to the command and control server. One of the two suspects allegedly used USB keys to infect 94 workstations with the malware, 33 of which were located at the Pomigliano D’Arco plant.
The suspects allegedly stole 10 GB of data, equal to approximately 100,000 files, from the 33 infected workstations. The data related to the use of human resources, the procurement and distribution of capital goods, and the design of components for civil aircraft and military aircraft for the domestic and international market, and also included the access credentials and other personal information of Leonardo employees.
The head of Leonardo's cyber-emergency team was also placed under house arrest for allegedly misrepresenting the scope of the attack and hindering the investigation.
The police said that Leonardo's security systems did not detect the malware as it was designed by the employee and not previously seen by antivirus solutions.