Cyber Incident Victim: Scuola IMT Alti Studi Lucca

On May 11, 2022, a pro-Russian hacking group known as Killnet launched distributed denial-of-service (DDoS) attacks against multiple Italian institutional websites, including those of Italy’s parliament, military, National Health Institute, and Automobile Club d’Italia. The attacks caused temporary disruptions, with several websites remaining inaccessible for hours before being restored by technical teams. Killnet claimed responsibility for the incidents through Telegram channels, framing the operation as "military cyber exercises" targeting countries supporting Ukraine. Italy’s Senate President Maria Elisabetta Alberti Casellati confirmed the Senate’s external network was compromised but stated no lasting damage occurred due to immediate technical intervention. She characterized the incident as a serious episode requiring continued vigilance.

The attack mirrored Killnet’s previous DDoS campaign against Romanian government websites in late April 2022, which targeted the defense ministry, border police, and national railway in retaliation for Romania’s support of Ukraine. Killnet members explicitly linked the Italian attack to Italy’s provision of military and financial aid to Ukraine, taunting Italian and Spanish authorities in Telegram messages about future offensives. Microsoft had warned in April 2022 that Russian-aligned threat actors might expand cyber operations against nations assisting Ukraine, citing activity against NATO members like the Baltics and Turkey. While the Italian National Cybersecurity Agency did not publicly comment, the swift restoration of services and absence of reported data breaches or persistent system compromises indicated contained operational impacts. The incidents highlighted ongoing cyber retaliation risks for nations opposing Russia’s invasion of Ukraine.