Cyber Incident Victim: NoName057(16)

On July 31, 2023, pro-Russian hacking group NoName057(16) initiated distributed denial-of-service (DDoS) attacks against Italian institutions, continuing these operations into August 1. The group publicly claimed responsibility via Telegram, accusing Italian authorities of Russophobia and condemning their support for Ukraine. Italy’s cybersecurity agency confirmed attacks targeting at least five banks, including Intesa Sanpaolo, the nation’s largest bank. The attackers employed the DDoSia toolkit to overwhelm websites with junk traffic, rendering them inoperable. Beyond the financial sector, NoName057(16) asserted compromises against an Italian water supply company, a national business newspaper, and a public transport website, all of which remained offline during the article’s publication. The group framed the operation as retaliation against Italy’s geopolitical alignment, mirroring its prior campaigns against Ukraine-allied nations.

The attacks caused service disruptions but were assessed by cybersecurity firm SentinelOne as producing short-lived operational impacts with minimal broader consequences. NoName057(16)’s modus operandi centered on DDoS assaults against entities in countries opposing Russia, leveraging Telegram for claims and threats. Historical precedents included January 2023 attacks on Czech presidential candidate websites and March 2023 strikes against Poland’s tax service. Researchers from Sekoia linked the group’s target selection to nations providing military aid or vocal support to Ukraine. Italy’s cybersecurity agency detected the incidents but did not disclose remediation steps. The incident underscored NoName057(16)’s recurring focus on symbolic disruption rather than persistent infrastructure damage, aligning with its use of readily available DDoS tools to target publicly accessible web assets.