Cyber Incident Victim: Italian airports of Malpensa, Linate and Orio al Serio

On February 17, 2025, approximately 20 Italian websites, including those of major financial institutions and airports, were targeted in a cyberattack attributed to the pro-Russian hacker group Noname057(16). The affected entities included Intesa Sanpaolo, Banca Monte dei Paschi, Iccrea Banca, and the websites for Milan's Linate and Malpensa airports, managed by SEA. Italy's national cybersecurity agency confirmed the attacks occurred on Monday but noted they did not cause major operational disruptions. The agency linked the incident to escalating diplomatic tensions between Italy and Russia, specifically citing Italian President Sergio Mattarella's earlier public comparison of Russia's invasion of Ukraine to Nazi Germany's pre-World War II expansionism. Noname057(16) explicitly referenced Mattarella's remarks as motivation for the attack, mirroring their December 2024 campaign against roughly 10 Italian institutional websites.

The cybersecurity agency disclosed that the attacks primarily involved disruptive actions against public-facing web services, though technical specifics of the attack vectors were not detailed in public statements. Intesa Sanpaolo and SEA, the airport operator, declined to comment on the incident. Iccrea Banca confirmed no service disruptions occurred during or after the attack, while Banca Monte dei Paschi did not respond to requests for comment. No data breaches, financial losses, or prolonged system outages were reported by the targeted organizations. The incident marked the second confirmed cyber campaign by Noname057(16) against Italian infrastructure within three months, demonstrating sustained focus on Italian entities amid geopolitical friction. Italian authorities did not disclose defensive measures taken during the incident but characterized the operational impact as limited.