Menu
Browse

Cyber Threat Actor: LulzSecITA

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Activist
Italy
2 incidents
Profile

LulzSecITA, also known as LulzSec Italia or LulzSec Italy, is an Italian‑based hacktivist collective that has claimed responsibility for a series of cyber operations targeting organizations within Italy. The group’s aliases and its Italian location are consistently referenced across multiple open‑source reports, which describe its members as activists seeking to expose perceived failures in data protection rather than pursuing financial gain. Their stated motivation, as expressed in statements attributed to the collective, is to highlight inadequate privacy protections and to demonstrate the incapacity of those entrusted with safeguarding personal information, emphasizing that their actions are intended as exposés of security shortcomings.

The collective’s observed targeting pattern focuses on a range of Italian sectors, including telecommunications, government agencies, professional orders, environmental authorities, healthcare institutions, universities and military‑related entities. In November 2019, LulzSecITA partnered with Anonymous Italia to compromise the Regional Environmental Protection Agency in Abruzzo and Puglia, various professional orders, government offices and the telecom provider Lyca Mobile, exfiltrating approximately 5.4 gigabytes of identity documents, financial records and communications that were subsequently leaked to protest inadequate privacy safeguards. In September 2018, the group disclosed personal data, email addresses and military identification numbers of discharged Italian service members, framing the release as a protest against excessive defense spending. In February 2020, LulzSecITA claimed via Twitter to have breached three Italian universities—located in Basilicata, Naples and Rome—asserting that the intrusions were part of a longer‑term campaign to highlight weak cybersecurity practices in academia. More recently, in May 2024, the Twitter account associated with LulzSecITA announced a data breach at Milan’s San Raffaele hospital, pressed the institution to notify its data protection officer, released screenshots of the alleged intrusion and later published patient data including names, tax codes, email addresses, usernames and passwords after the hospital denied any compromise and failed to respond within the GDPR‑required 72‑hour window.

Observed tactics, techniques and procedures described in the sources include the use of Twitter to announce compromises, share screenshots of stolen data, demand accountability from victims and threaten further disclosures. The actors claim to have gained control of specific email accounts—such as the [email protected] address linked to Lyca Mobile—by exploiting vulnerabilities in the targets’ IT environments, though no specific malware families or exploit kits are mentioned in the available material. Their operations are consistently characterized as demonstrations of security weaknesses rather than attempts at financial fraud or espionage, and no public attribution to a state sponsor or criminal syndicate has been made. The group's activities remain confined to Italian targets, with public statements emphasizing a hacktivist agenda aimed at prompting better data protection practices.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
13 sources