Menu
Browse

Cyber Threat Actor: Nova

Actor Type Location Known Incidents
 Icon
Criminal
2 incidents
Profile

The threat actor known as Nova has operated under this singular alias in publicly documented incidents. This group gained recognition through a ransomware attack against the Comune di Pisa, an Italian municipal government entity, demonstrating a focus on local administrative targets. Their operation against Pisa involved the theft of approximately 2TB of sensitive data followed by system encryption, employing dual extortion tactics to pressure the victim into paying ransom demands. This approach simultaneously disrupted municipal operations and threatened public data exposure, indicating a financially motivated objective rather than purely disruptive or espionage-driven goals. The group publicly claimed responsibility for the attack shortly after deploying ransomware, suggesting a pattern of leveraging publicity to amplify victim coercion.

Nova's targeting appears concentrated on governmental entities within Italy based on the Pisa compromise, though broader regional or sectoral patterns remain unconfirmed due to limited publicly attributed operations. The group's tactics center on combining data exfiltration with encryption-based attacks, though specific initial access vectors and malware families remain unspecified in available reporting. Their operational style emphasizes rapid execution—deploying encryption shortly before public claims—to maximize disruption before defensive measures can be implemented. The 2TB data exfiltration from a single municipality suggests deliberate targeting of entities managing substantial public records, potentially increasing leverage in extortion attempts.

The Comune di Pisa incident stands as Nova's only publicly confirmed operation to date, with no verified affiliations to state actors or criminal consortiums documented in open sources. This attack caused tangible operational disruptions to municipal services while threatening exposure of citizen data, reflecting the group's reliance on psychological pressure alongside technical impacts. The absence of claimed attacks before or after this incident leaves Nova's longer-term capabilities and scope undefined within available evidence. Their demonstrated methodology aligns with contemporary ransomware trends prioritizing financial gain through layered extortion against vulnerable public sector infrastructure.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
0 sources