Menu
Browse

Cyber Threat Actor: Anonymous Italia

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Activist
Italy
31 incidents
Profile

Ghost Italy, also known as Anonymous Italy, Antisec-Italia, Anonymous Italia and AntiSec-Italia, Anonymous Italia, and AntiSec-Italia, is an Italian‑based hacktivist collective that operates under the broader Anonymous umbrella and maintains ties to the LulzSec ITA faction. The group’s activities are confined to targets within Italy, as evidenced by repeated incidents against national airports, civil aviation authorities, hospitals, universities, government agencies, telecommunications firms, political parties, banks, job‑seeking portals, and military veterans’ associations. Their stated objectives, drawn from public statements and communiqués, include exposing systemic cybersecurity weaknesses, urging improved security practices, protesting governmental and corporate policies, demanding better labor conditions, opposing specific legislation such as ADHD medication guidelines, and criticizing defense spending; these aims are consistently framed as awareness‑raising or reform‑oriented rather than financially motivated.

The collective’s tactics, techniques, and procedures rely heavily on web‑based intrusion methods and public disclosure channels. They have repeatedly employed SQL injection to gain access to databases, as described in the compromise of the Partito Democratico’s hosting environment where attackers entered via index.html?idpg= (Payload Sql Injection). Distributed denial‑of‑service attacks have been used against regional government web portals in connection with the Trans Adriatic Pipeline project and during the #OpSafePharma campaign, with a teenager arrested for launching such DDoS traffic. Credential harvesting is evident from breaches that yielded plaintext usernames and passwords, particularly in the San Raffaele hospital incident where unsecured credential storage was noted. Exfiltrated data is typically dumped to file‑hosting services such as MEGA, Ghostbin, or Privatebin and then publicized via Twitter accounts like @lulzsecurityita to amplify impact. Defacement of websites has also been reported, notably in the 2016 operation against four Italian healthcare organizations where public sites were altered and data leaked. No specific malware families are referenced in the available material, and the group’s public affiliations are limited to the Anonymous collective and its LulzSec ITA offshoot, with no indication of state sponsorship or criminal consortium ties. Representative campaigns include the #OpSafePharma effort targeting healthcare organizations over ADHD policy, the #[NessunDorma] operation against job‑seeking portals for labor‑rights demands, the #OpBankDump action against Italian banks, the 2020 university breach series intended to highlight educational sector vulnerabilities, and the 2020 airport and ENAC incidents that disrupted services and exposed data to underscore perceived security gaps.

Incidents
Attributed incidents available to members
29 incidents
Sources
Sources available to members
13 sources