
Cyber Incident Victim: SEA Group

Date: Feb 2025

Location: Italy

Summary

A pro-Russian hacker group known as Noname057(16) targeted approximately 20 Italian websites, including those belonging to major banks and Milan's airports managed by SEA Group, in retaliation for critical remarks made by Italian leadership regarding Russia's actions in Ukraine. The attacks, which did not cause significant operational disruptions, were explicitly linked by Italy's cybersecurity agency to political tensions following comparisons between Russian expansionism and Nazi Germany. The same group had previously claimed responsibility for similar cyber operations against Italian institutional websites months earlier. Affected organizations reported no major service interruptions, though SEA Group and some financial institutions declined detailed comment on the incident.


Description

On February 17, 2025, Italy’s cybersecurity agency reported approximately 20 Italian websites experienced cyberattacks attributed to the pro-Russian hacker group Noname057(16). The attacks targeted financial institutions and transportation infrastructure, including Intesa Sanpaolo, Banca Monte dei Paschi, Iccrea Banca, and SEA Group’s Milan Linate and Malpensa airports. The agency linked the incident to escalating diplomatic tensions following Italian President Sergio Mattarella’s February 2025 comparison of Russia’s invasion of Ukraine to Nazi Germany’s pre-World War II expansionism, which had drawn condemnation from Moscow. Noname057(16) explicitly cited Mattarella’s remarks as motivation for the attacks. While the intrusions compromised website functionality, the cybersecurity agency confirmed they did not cause major operational disruptions to the affected organizations.

SEA Group, which operates Milan’s airports, declined to comment on the incident. Iccrea Banca stated it experienced no service disruptions, while Intesa Sanpaolo also offered no public response. Banca Monte dei Paschi did not immediately acknowledge requests for comment. Italy’s cybersecurity agency noted this was not Noname057(16)’s first attack against Italian targets, referencing a prior December 2024 incident where the group compromised approximately 10 institutional websites. The agency’s assessment confirmed the group’s consistent pattern of retaliatory cyber operations following political statements critical of Russia, though the February 2025 attacks remained limited in technical impact despite their broad targeting of high-profile entities.
