Cyber Incident Victim: Milan Malpensa Airport

On February 17, 2025, Italy’s cybersecurity agency reported approximately 20 Italian websites were targeted in a cyberattack attributed to the pro-Russian hacker group Noname057(16). The attacks impacted multiple sectors, including financial institutions such as Intesa Sanpaolo, Banca Monte dei Paschi, and Iccrea Banca, alongside critical transportation infrastructure—specifically the websites of Milan’s Linate and Malpensa airports, managed by SEA. The agency linked the incident to escalating diplomatic tensions following Italian President Sergio Mattarella’s February 2025 comparison of Russia’s war in Ukraine to Nazi Germany’s pre-World War II expansionism, which had drawn condemnation from Moscow. Noname057(16) explicitly cited Mattarella’s remarks as motivation for the attack, mirroring their December cyber campaign against roughly 10 Italian institutional websites. Technical disruptions were limited, with no reports of sustained downtime or operational compromise at the airports or banks.

The Italian cybersecurity agency confirmed the attacks were executed on Monday, February 17, but emphasized no critical services were severely disrupted. SEA, operator of Milan’s airports, and Intesa Sanpaolo declined to comment on the incident, while Iccrea Banca stated its systems experienced no service interruptions. Banca Monte dei Paschi did not provide an immediate response to inquiries. Noname057(16)’s reuse of geopolitical grievances as justification aligned with their prior activities, reinforcing patterns of opportunistic targeting following diplomatic friction. The agency’s public attribution did not detail specific attack vectors or defensive measures taken by victims but characterized the incident as part of a broader strategy by pro-Russian actors to retaliate against perceived criticisms of Moscow’s foreign policy.