Cyber Incident Victim: Agenzia Mobilità s.r.l.
Date:
Feb 2025
Location:
Italy
Summary
The pro-Russian hacker group NoName057 launched distributed denial-of-service attacks against multiple Italian public sector websites, including those of the city of Reggio Emilia, the Marche and Molise regions, and municipalities in the Aosta Valley and Campania. The attacks caused temporary outages and slowdowns, but no data theft was reported and critical services such as regional health booking systems remained unaffected. The national cybersecurity agency confirmed the attacks are part of a broader campaign to manipulate public opinion and praised the effective response of the affected sites in mitigating the impact.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On the morning of Wednesday, February 26, 2025, the official website of the Comune di Reggio Emilia became inaccessible due to a cyberattack. The attack, which resulted in the portal going offline, was later claimed by the pro-Russian hacker collective NoName057. According to statements from the municipality, the disservice was progressively resolved and the platform returned to full operation because the underlying system withstood the assault. This incident is part of a broader wave of attacks targeting Italian institutional websites, as highlighted by local authorities.
The NoName057 group has been conducting a sustained campaign against Italian public sector digital services for at least ten days, as indicated by the director general of the Agenzia per la cybersicurezza nazionale (Acn). In addition to Reggio Emilia, the group explicitly announced attacks on the websites of the Regione Marche, Regione Molise, the municipalities of Allein and Aymavilles in the Val d'Aosta region, and the city of Giugliano in Campania. The Acn has assessed that NoName057 is employing distributed denial-of-service (DDoS) tactics with the intent to manipulate Italian public opinion. Despite the coordinated nature of these attacks, the affected institutions have demonstrated resilience in their defensive responses.
Bruno Frattasi, director general of Acn, addressed the situation during the Festival dell'Intelligenza Artificiale in Milano, providing insights into the threat landscape. He confirmed that while DDoS attacks do not involve data exfiltration, they can disrupt public services and erode trust. Frattasi emphasized that the targeted sites, including that of Reggio Emilia, have reacted effectively, containing the impact and restoring functionality. He also clarified the distinct role of artificial intelligence in cybersecurity, noting that AI technologies are primarily associated with ransomware attacks rather than DDoS, but that Acn has begun leveraging AI to anticipate and prevent cyber threats. Specifically regarding the Regione Marche portal, the attack caused only slowdowns, yet the site was temporarily suspended to allow comprehensive restoration. Importantly, no data breaches occurred, and essential healthcare services such as the Cup remained untouched. The incident underscores the persistent threat posed by hacktivist groups and the importance of robust, adaptive security measures in safeguarding public digital infrastructure.