Cyber Incident Victim: NoName057(16)

On March 22, 2023, the pro-Russian hacktivist group NoName057(16) conducted a distributed denial-of-service (DDoS) attack against multiple Italian institutional targets, including the Ministry of Transport, the national transport regulatory authority, and ATAC (Rome's public transport company). The group claimed responsibility via social media, posting a message that referenced Italy's training of Ukrainian soldiers on Samp-T missile systems and criticized Prime Minister Giorgia Meloni's stance on Ukraine negotiations. This attack rendered the targeted websites temporarily inaccessible to users. It formed part of an ongoing campaign against Italy that began following Meloni's visit to Kyiv in February 2023, with prior attacks disabling websites belonging to the Carabinieri military police, Foreign Ministry, Defense Ministry, and the Superior Council of Magistrates (CSM), which had suffered multiple disruptions in preceding weeks. The most recent attack before March 22 occurred the prior Sunday.

NoName057(16), established in March 2022 following Russia's invasion of Ukraine, specializes in DDoS attacks against governments and critical infrastructure supporting Ukraine. The Italian National Cybersecurity Agency (ACN) confirmed full restoration of all affected sites by March 22 and provided targeted entities with protective recommendations. Security firm Yarix characterized these attacks as temporary service disruptions rather than data-compromising breaches, noting they primarily cause operational inconvenience and reputational damage rather than permanent system compromise. The group simultaneously targeted Japan and Spain during this period, maintaining its pattern of attacking nations perceived as opposing Russian interests, including previous operations against Poland, Baltic states, Slovakia, Norway, and Finland. The attacks coincided with leadership changes at ACN, as Bruno Frattasi had recently replaced Roberto Baldoni as director.