Cyber Incident Victim: Ministero dell'Economia e delle Finanze
Date:
Mar 2023
Location:
Italy
Summary
A cyberattack targeted several Italian government institutions, including the Ministry of Economy and Finance, alongside postal police and transport ministry portals. While defensive measures successfully repelled intrusions against these primary targets, attackers compromised the website of Rome's public transport operator ATAC. The breach affected ATAC's online presence but did not disrupt actual transportation services or operational systems. Authorities confirmed the isolated nature of the website compromise, with no broader functional impacts reported across the targeted entities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 22, 2023, Italian governmental institutions faced a coordinated series of cyberattacks targeting multiple online portals. The incidents affected the electronic systems of the Postpolizei (Postal Police), the Ministry of Transport, and the Ministry of Economy and Finance. According to the Postpolizei, which holds national responsibility for cybersecurity, these intrusion attempts against the three primary government targets were successfully mitigated through defensive measures. Concurrently, attackers compromised the website of ATAC, Rome’s public transport operator, though the breach appeared limited to its public-facing web presence. Initial investigations revealed no immediate evidence of operational system disruptions across any targeted entity, with authorities confirming all attacks were isolated to digital infrastructure rather than physical control systems. The chronology suggested near-simultaneous targeting of government and transit entities, though attribution and technical specifics of the attack vectors remained undisclosed by investigators at this stage.
The impacts manifested primarily as temporary service interruptions to online portals during the active attack period. For the Ministry of Economy and Finance, this involved restricted access to its public website, though backend financial systems and data repositories reportedly remained uncompromised. ATAC confirmed its website experienced defacement or downtime but emphasized that metro, bus, and tram operations continued unaffected, with no passenger safety or scheduling consequences. Response actions centered on the Postpolizei’s containment protocols, which involved isolating targeted systems, deploying countermeasures to repel live attacks, and conducting forensic analyses to identify intrusion points. ATAC initiated restoration procedures for its website while maintaining analog passenger information systems as backups. No ransomware payloads, data exfiltration claims, or persistent threats were disclosed by official sources in the immediate aftermath, with recovery efforts concluding within hours for government portals and within days for ATAC’s digital platforms.