Cyber Incident Victim: NoName057(16)
Date:
Dec 2022
Location:
Italy
Summary
A pro-Russian hacker group targeted the Italian Ministry of Defense's e-learning platforms with a DDoS attack, rendering eight of nine websites temporarily inaccessible, though one was later restored without system compromise. The group publicly claimed responsibility via Telegram, framing the attack as punitive. This incident follows prior disruptions by the same actors against another Italian government ministry and aligns with broader patterns of Kremlin-linked cyber operations targeting Italian institutional websites, including previous attacks by groups such as Legion and Killnet on foreign affairs, cultural heritage, and police portals.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 15, 2022, the pro-Russian hacker group NoName057(16) publicly claimed responsibility for a cyberattack targeting Italy’s Ministry of Defense. The group announced the operation via its Telegram channel, explicitly stating its intent to "punish" the Italian military’s e-learning infrastructure. The attack focused on nine websites affiliated with the ministry and dedicated to distance learning platforms. By the following day, eight of the nine listed sites remained unreachable online, exhibiting symptoms consistent with a distributed denial-of-service (DDoS) attack designed to overwhelm systems and disrupt service availability. Only the SIAC portal—an automated identification system for material codification—had been restored and was accessible at the time of reporting. No evidence indicated system compromises or data breaches beyond the temporary service outages. This incident followed a similar pattern to NoName057(16)’s earlier attack against Italy’s Ministry of Agricultural Policies several weeks prior, which had also forced its website offline for multiple hours.
The incident occurred within a broader context of repeated DDoS campaigns against Italian government entities by pro-Kremlin cyber groups throughout 2022. In May of that year, the hacker collective Legion disrupted the websites of Italy’s Foreign Affairs Ministry and Cultural Heritage Ministry using similar DDoS tactics. During the same period, the Killnet group—later linked to an attack on the European Parliament’s website—temporarily disabled the Italian State Police’s online portal. These incidents collectively demonstrated a sustained focus on Italian institutional targets, with NoName057(16)’s December attack representing an escalation against defense-related training infrastructure. Restoration efforts for the affected e-learning portals beyond SIAC were not detailed in available reports, though the absence of reported data exfiltration or persistent system damage suggested a primary impact of temporary operational disruption to military distance learning services.