A few weeks ago, the Femwar02 group paralyzed La Sapienza University of Rome, blocking 400 servers and affecting hundreds of thousands of students, with personal data released on the dark web.
Internal AffairsItaly
- Error detected
- Timing: the attack happened in early February 2026, not 'a few weeks' before the May 2026 session.
Magnitude: 'hundreds of thousands of students' overstates the enrollment of La Sapienza, which is approximately 115,000–120,000.
- Omissions
- Timing error: the cyberattack occurred around 2 February 2026, approximately 3.5 months before the speech on 19 May 2026, not 'a few weeks ago'.
- Student count: La Sapienza University enrolls approximately 115,000–120,000 students, not 'hundreds of thousands' (which in standard usage implies at least 200,000). 'Over one hundred thousand' would be more accurate.
- Dark web claim: while the university confirmed a personal data breach in its official resolution, independent confirmation that the data was actually published on the dark web was not found in available sources.
- The attack was attributed to the BabLock ransomware variant; Femwar02 is the threat actor group, not necessarily the malware name.
- Sources
- PrimarySapienza University of Rome – Official ResolutionThe attack involved approximately 400 servers (both physical and virtual), causing the disruption of key university services. The resolution also communicates to all data subjects who have provided personal data to Sapienza, confirming a data breach.
- PrimaryMalpedia (Fraunhofer FKIE)Femwar02 is a previously unknown pro-Russian ransomware threat actor that emerged in early 2026, linked to a major cyberattack on Italy's Sapienza University.
- SecondaryTechCrunchAn alleged ransomware attack took down the systems of Sapienza University of Rome, one of Europe's largest universities, knocked offline for days.
- SecondarySecurity AffairsRome's La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues.