Cyber Incident Victim: Eurovision Song Contest
Date:
May 2022
Location:
Italy
Summary
Italian police thwarted cyber attacks by pro-Russian hacker groups targeting network infrastructure during the Eurovision Song Contest's semi-final and final events in Turin. The attacks, attributed to groups "Killnet" and "Legion," were blocked by cybersecurity teams, who also monitored the perpetrators' Telegram communications to prevent further disruptions and identified the geographic origins of the assaults. This incident followed prior cyber operations by the same groups against Italian institutional websites, including the Senate and National Health Institute, amid heightened Western cybersecurity alerts following Russia's invasion of Ukraine.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
Italian police successfully thwarted cyber attacks by pro-Russian hacker groups targeting the Eurovision Song Contest infrastructure during the event's semi-final on May 10, 2022, and its final on May 15 in Turin. The attacks occurred during critical phases of the competition, including voting procedures and live performances. Authorities identified the threat actors as the "Killnet" collective and its affiliate "Legion," who attempted to compromise network systems supporting the international broadcast event. Police cybersecurity units actively monitored the groups' Telegram communications to anticipate attack vectors and gather operational intelligence. This surveillance enabled law enforcement to block multiple intrusion attempts in real-time while identifying the geographic origins of the malicious activity. The defensive actions prevented disruption to the contest, which culminated in Ukraine's Kalush Orchestra winning with their entry "Stefania" amid strong public support following Russia's invasion of their country.
The incident occurred against heightened cybersecurity alerts across Western nations following Russia's February 24 invasion of Ukraine. On May 11, between the semi-final and final rounds, Killnet publicly claimed responsibility for compromising several Italian institutional websites, including the Senate and National Health Institute (ISS). These parallel attacks demonstrated the group's sustained focus on Italian digital infrastructure during the Eurovision period. Authorities maintained operational security throughout the contest's duration, with official confirmation of the cyber defense measures delayed until May 15 after the event concluded. The prevention of service disruptions ensured uninterrupted broadcasting to millions of viewers across 40 participating countries. Russia consistently denies involvement in offensive cyber operations, though Western security agencies had warned of potential retaliatory hacking activities following widespread sanctions imposed over the Ukraine conflict.