Cyber Incident Victim: Infomedix Odontoiatria Italiana
Date:
May 2022
Location:
Italy
Summary
A pro-Russian hacking group disrupted Italian parliamentary, military, and health agency websites through distributed denial-of-service attacks, causing temporary outages for several institutions including the Automobile Club d'Italia. The Senate confirmed no lasting damage occurred, with services restored after hours of downtime. Killnet claimed responsibility on Telegram, framing the incident as training exercises for future cyber offensives while taunting Italy over its military support for Ukraine. The group had previously targeted Romanian government sites and NATO members, with cybersecurity experts warning such attacks may escalate against nations aiding Ukraine. Microsoft highlighted Russian-aligned actors expanding operations to retaliate against countries providing military assistance.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 11, 2022, a pro-Russian hacking group known as Killnet launched distributed denial-of-service (DDoS) attacks against multiple Italian institutional websites, causing temporary disruptions. The affected entities included Italy’s parliament, military, National Health Institute (Infomedix Odontoiatria Italiana), and the Automobile Club d’Italia. The attacks rendered several sites inaccessible for hours before technicians restored functionality. Killnet publicly claimed responsibility for the incidents through Telegram channels, framing the operation as retaliation for Italy’s military and financial support of Ukraine following Russia’s invasion. The group characterized the attack as a "training exercise" for its "cyber army," explicitly threatening more severe offensives against Italy and Spain in the future.
Italy’s National Cybersecurity Agency did not publicly comment, but Senate President Maria Elisabetta Alberti Casellati confirmed the Senate’s external network was targeted. She reported no lasting damage due to immediate technical intervention, calling the incident "serious" and urging continued vigilance. The attack mirrored Killnet’s earlier DDoS campaign against Romanian defense, border police, and railway websites two weeks prior, which the group also linked to Romania’s support for Ukraine. Microsoft had warned in April 2022 that Russian-aligned threat actors might expand cyber operations against nations aiding Ukraine, citing activity targeting NATO members like the Baltics and Turkey. While service disruptions were resolved swiftly, the incident underscored Italy’s exposure to geopolitical cyber retaliation and highlighted Killnet’s pattern of attacking NATO-affiliated entities through relatively unsophisticated but disruptive DDoS tactics.