Cyber Incident Victim: Consiglio Superiore della Magistratura
Date:
Mar 2023
Location:
Italy
Summary
The Italian High Council of the Judiciary was targeted in a distributed denial-of-service (DDoS) attack by the pro-Russian hacktivist group NoName057(16), resulting in temporary website unavailability without compromising data confidentiality or integrity. The attackers publicly claimed responsibility via Telegram, mocking Italian cybersecurity officials for perceived response failures and referencing prior disruptions to other government sites. The group employed "Slow HTTP Attack" techniques to overwhelm the server by maintaining incomplete connections, highlighting systemic challenges in Italy's cybersecurity posture. Public criticism focused on perceived institutional inefficiencies in mitigating such attacks, including delays in cloud or hardware remediation and a lack of preparedness culture. The incident underscores concerns about enabling infrastructure vulnerabilities to basic attacks impacting service availability.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 19, 2023, the pro-Russian hacktivist group NoName057(16) launched a distributed denial-of-service (DDoS) attack against the website of Italy's High Council of the Judiciary (Consiglio Superiore della Magistratura - CSM). The group publicly claimed responsibility through their Telegram channel, sharing a link to a hosting verification service (check-host.net) as proof of their disruption efforts. They employed a "Slow HTTP attack" technique that exploits protocol vulnerabilities by sending incomplete HTTP requests to overwhelm the server, keeping connections open for extended periods to prevent legitimate traffic. This attack followed a pattern of previous DDoS campaigns against Italian government targets, including the Ministry of Labor and Ministry of Defense websites. NoName057(16) accompanied their announcement with mocking statements directed at Italian cybersecurity officials, referencing Bruno Frattasi (director of the National Cybersecurity Agency) and Rome's chief prosecutor Francesco Lo Voi, whom they claimed had unsuccessfully investigated their prior activities for weeks.
The attack rendered the CSM website temporarily inaccessible but caused no compromise of data confidentiality or integrity, as DDoS attacks exclusively target system availability. The incident highlighted institutional response challenges, with the publication Red Hot Cyber noting the website remained unprotected through two weeks of continuous attacks, suggesting possible systemic issues such as bureaucratic procurement delays or insufficient response protocols. NoName057(16)—active since March 2022—historically targets nations opposing Russia's geopolitical interests, focusing on government agencies and critical infrastructure through DDoS campaigns supplemented by threat letters to journalists in some cases. While CSM's specific mitigation measures weren't detailed in available reporting, the group emphasized their attacks test organizational resilience against basic threats as preparation for more sophisticated intrusions. Analysis revealed that despite public awareness and clear attribution, Italian institutions struggled to implement timely cloud-based or hardware solutions to counter such disruptions.