Cyber Incident Victim: NoName057(16)
Date:
Dec 2024
Location:
Italy
Summary
A pro-Russian hacker group known as NoName057(16) claimed responsibility for a distributed denial-of-service (DDoS) cyber attack targeting Italy's Foreign Ministry and Milan's airports, temporarily disrupting their official websites. The attackers stated the incident was retaliation against perceived anti-Russian sentiments, flooding networks to paralyze access. While the websites were rendered inaccessible for a period, airport mobile applications remained functional and flight operations experienced no disruptions. Cybersecurity authorities provided rapid assistance, mitigating the attack's impact within two hours.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 28, 2024, approximately ten official Italian websites experienced cyber attacks, including those of the Foreign Ministry and Milan’s Linate and Malpensa airports, temporarily disrupting their online services. Italy’s national cyber security agency confirmed the incidents involved Distributed Denial of Service (DDoS) attacks, where threat actors overwhelm networks with excessive data traffic to cause paralysis. The pro-Russian hacker group NoName057(16) publicly claimed responsibility for the attacks through a Telegram message, framing the operation as retaliation against Italy’s perceived “Russophobes” and calling it a “well deserved cyber response.” The agency’s spokesperson stated it was plausible the group orchestrated the attack, though no technical evidence linking them was disclosed. SEA, the company managing Milan’s airports, confirmed the airports’ websites became inaccessible during the incident but clarified flight operations experienced no disruptions. While the websites remained offline, the airports’ mobile applications continued functioning normally, allowing passengers to access real-time flight information and services. The cyber attacks exclusively targeted web-facing infrastructure, with no reported breaches of internal systems or data theft.
Italy’s cyber security agency responded by providing immediate technical assistance to affected institutions and private entities, containing the incident within two hours and mitigating its operational impact. The spokesperson emphasized the attack’s effects were swiftly neutralized through coordinated defensive measures, though specific mitigation techniques were not detailed. NoName057(16)’s Telegram post did not specify motives beyond general anti-Western rhetoric, nor did it threaten further actions against Italy. SEA reiterated the airports’ critical systems remained isolated from the targeted public websites, preventing cascading effects on baggage handling, security screenings, or air traffic control. The Foreign Ministry restored full website functionality following the mitigation period, with no lingering technical disruptions reported by the agency. The incident marked another instance of NoName057(16) targeting European infrastructure amid geopolitical tensions, though Italian authorities did not comment on potential diplomatic repercussions.