Cyber Threat Actor: NN Hacking Group
| Actor Type | Location | Known Incidents |
Criminal
|
Italy
|
1 incident |
|---|
Profile
The NN Hacking Group, alsoreferred to as the NN (No Name) Hacking Group, is a threat actor that has been publicly associated with operations originating from Italy. Public reporting identifies the group by these aliases and notes its geographic nexus to the Italian region, although no further details about its size, structure, or sponsorship have been disclosed in open sources.
In January 2018 the group was linked to a breach of a major Italian email service provider. Attackers gained access to a server holding administrative data and exfiltrated information from more than 600,000 free‑user accounts. The stolen dataset included plaintext passwords, security questions, the contents of emails with attachments, SMS messages sent via the platform, and source code for both the provider’s administrative and customer‑facing web applications. After the intrusion, the actors attempted to extort the victim and, when the ransom was not paid, offered the compromised data for sale on a dark‑web marketplace. The provider subsequently confirmed that financial information and paid business accounts remained unaffected because they were stored separately, remediated the vulnerability, notified law‑enforcement authorities, and reported the incident to data‑privacy regulators.
Observed tactics from this incident involve exploiting a vulnerability in an administrative server to obtain initial access, followed by the collection of a broad range of user‑generated and application‑level data. The group’s tooling appears focused on data exfiltration rather than destructive payloads, as evidenced by the theft of passwords, email content, SMS logs, and source code. No public attribution ties the NN Hacking Group to a state sponsor or a larger criminal consortium, and no additional campaigns or malware families have been explicitly linked to the actor in the available reporting. The known activity remains limited to the 2018 email‑provider breach and its associated extortion and data‑sale efforts.
