Cyber Incident Victim: NoName057(16)
Date:
May 2023
Location:
Italy
Summary
A pro-Russian hacker group known as NoName057(16) conducted a distributed denial-of-service (DDoS) attack targeting the website of Banca di Credito Cooperativo di Roma, employing Slow HTTP techniques to overwhelm the bank's servers by maintaining incomplete connections. The attack lasted approximately four hours, causing temporary service disruption but no permanent infrastructure or data damage, consistent with typical DDoS impacts where normal operations resume after traffic mitigation. This incident aligns with the group's broader campaign against Italian entities, focusing on rendering online services inaccessible through volumetric traffic floods rather than data breaches or system compromises.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 28, 2023, the pro-Russian hacktivist group NoName057(16) executed a distributed denial-of-service (DDoS) attack against the website of Banca di Credito Cooperativo di Roma (BCC Roma), a cooperative credit bank based in Rome. The attack overwhelmed the bank’s web infrastructure with illegitimate traffic from a botnet, rendering the site inaccessible to legitimate users for approximately four hours. This incident aligned with the group’s pattern of targeting Italian entities, though specific motives for selecting BCC Roma were not disclosed in available sources. The attackers exploited the bank’s web servers by flooding them with requests, a common DDoS tactic designed to exhaust system resources without infiltrating or permanently damaging infrastructure. No data breaches, financial theft, or system compromises were reported as part of this incident. Service restoration occurred automatically once the malicious traffic volume subsided, consistent with typical DDoS attack patterns where normal operations resume after mitigation or natural attrition of the attack.
The primary impact was operational disruption, preventing customers and stakeholders from accessing BCC Roma’s online services during the attack window. While the bank did not publicly quantify financial or reputational losses, the incident underscored vulnerabilities in its web infrastructure to volumetric attacks. Available evidence did not specify BCC Roma’s exact mitigation measures during the event, though standard DDoS countermeasures—such as traffic filtering, resource scaling, or third-party mitigation services—were implicitly relevant given the attack’s cessation. The group’s use of botnets reflected a low-complexity, high-impact strategy requiring minimal technical sophistication but significant coordination. NoName057(16)’s broader campaign against Italian targets suggested a geopolitical agenda, though no explicit claims or demands related to this incident were documented. Post-incident forensic details, including botnet origins or attack tooling, remained undisclosed in public reporting. The bank’s recovery timeline and any collateral effects on related financial systems were not elaborated in source material.