Cyber Incident Victim: Ministero delle imprese e del Made in Italy
Date:
May 2023
Location:
Italy
Summary
A cyberattack targeted an Italian government ministry responsible for enterprise and manufacturing, causing its institutional portal and connected applications to become unavailable. While initial assessments indicated no data compromise or theft occurred, technical teams worked to mitigate the attack's effects with no clear timeframe for full service restoration. The ministry coordinated with the national cybersecurity agency to minimize disruptions to citizens and businesses. The incident forms part of a broader pattern of cyber offensives against institutions and major state-owned companies, which investigators attribute to geopolitical tensions linked to support for Ukraine. Italian authorities, including the Postal Police under Rome's prosecutor's office, are investigating these recurring attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 26, 2023, the Italian Ministry of Enterprises and Made in Italy (Mimit) experienced a cyberattack that disrupted its digital services. The attack rendered the ministry’s institutional portal and connected applications inaccessible starting that morning. Mimit confirmed the incident through an official statement, clarifying that preliminary investigations found no evidence of data compromise or theft. Technical teams immediately engaged in mitigation efforts to address the attack’s consequences, though the ministry cautioned that recovery timelines remained unpredictable. Service restoration efforts prioritized minimizing disruptions for citizens and businesses reliant on the affected platforms. Mimit maintained continuous coordination with Italy’s National Cybersecurity Agency throughout the incident to streamline response actions and provide public updates. The attack caused operational paralysis of critical public-facing systems but did not escalate to confirmed data exfiltration based on initial forensic assessments.
The incident occurred within a broader pattern of cyber operations targeting Italian state entities and major corporations over preceding months, as documented in an ongoing investigation by Rome’s Public Prosecutor’s Office at Piazzale Clodio. Law enforcement sources indicated these attacks correlated with Italy’s geopolitical alignment supporting Ukraine, with threat actors launching periodic offensive campaigns against nations exhibiting such stances. The Postal Police, under prosecutorial direction, was actively investigating this attack as part of the wider case file documenting similar intrusions. While attribution specifics remained undisclosed, investigative focus centered on identifying potential connections to prior incidents against Italian infrastructure. The ministry’s public communications emphasized transparency regarding service disruptions while withholding technical details that could compromise operational security or the ongoing criminal probe.