top of page

Subscribe to our newsletter

Mobilità di Marca Cyberattack: Disruption of Telemaco Ticketing Platform Highlights Security Vulnerabilities

  • Rescana
  • 1 day ago
  • 2 min read
Image for post about Mobilità di Marca (Mom) Cyberattack Report

Executive Summary

On April 2, 2025, Mobilità di Marca (Mom) reported a cyberattack that had been disrupting their electronic ticketing services for two days. The attack targeted Plus Service's servers, which are integral to the Telemaco platform used by Mom and other public transport companies. This disruption forced commuters and students to rely on physical tickets, increasing congestion and costs. The incident coincided with the subscription renewal period, exacerbating inconvenience. Despite ongoing efforts to restore services, technical challenges persisted due to server slowdowns.

Incident Timeline

  • March 31, 2025: The cyberattack on Plus Service's servers begins, disrupting the Telemaco electronic ticketing platform.
  • April 1, 2025: Disruption continues, impacting commuters and students as they are unable to purchase electronic tickets.
  • April 2, 2025: Service restoration efforts are underway, but difficulties persist. The attack is reported publicly.

Impact Assessment

The attack significantly impacted public transport operations, especially during the critical subscription renewal period. The reliance on physical tickets led to increased congestion and higher operational costs. The incident underscored vulnerabilities within the public transport sector's digital infrastructure.

Technical Analysis

  1. Attack Vector: The attack was directed at Plus Service's servers, disrupting electronic ticketing services for around two days. The attack forced a shift to physical ticketing methods.

  2. Malware and Tools: Specific malware or tools used in this attack were not identified in the available data, limiting technical analysis and mapping to established cybersecurity frameworks like MITRE ATT&CK.

  3. Historical Context: This incident is part of a pattern of cyberattacks targeting Italian public transport infrastructure, similar to the Trenitalia incident in December 2024. The absence of identified threat actors highlights the need for continued vigilance and improved defenses.

  4. Targeting Patterns: The timing of the attack, during a critical subscription renewal period, suggests a strategic attempt to maximize disruption by exploiting sector-specific vulnerabilities.


Official Disclosures

Giacomo Colladon, President of Mom, acknowledged the surprise caused by the attack and emphasized ongoing efforts to restore service amid server slowdowns.


References


bottom of page