Cyber Incident Victim: NoName057(16)
Date:
Feb 2023
Location:
Italy
Summary
A pro-Russian hacker group known as NoName057(16) conducted a DDoS attack against multiple Italian public and private entities, including government ministries, banks, and energy companies. The collective explicitly linked the attack to Italy's provision of military aid to Ukraine following the Prime Minister's visit to Kyiv. Targets reportedly included the foreign affairs, interior, and defense ministries, along with critical infrastructure portals and financial institutions. While the incident caused temporary service disruptions, defensive measures by affected organizations largely mitigated operational impacts. Italy's National Cybersecurity Agency confirmed monitoring the situation and noted most services were promptly restored, characterizing the attack as application-layer focused and technically sophisticated despite limited effectiveness.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 20-21, 2023, a pro-Russian hacking group known as NoName057(16) executed a distributed denial-of-service (DDoS) attack against approximately ten Italian websites belonging to government institutions and private companies. The group publicly claimed responsibility via Telegram channels, explicitly linking the attack to Italian Prime Minister Giorgia Meloni’s visit to Kyiv and Italy’s commitment to provide Ukraine with a sixth military aid package, including SAMP-T air defense systems. Targeted entities included the Italian Ministry of Foreign Affairs, Ministry of the Interior, Ministry of Defense, Ministry of Agricultural Policies, the Carabinieri law enforcement agency, BPER Bank, utility provider A2A Group, telecommunications firm TIM Group, and the national identity card portal. The attackers described their campaign as a response to Italy’s “Russophobic” policies and military support for Ukraine. Technical infrastructure disruptions began on February 20, with the group announcing continued attacks the following day.
The attack caused temporary service interruptions across affected websites, though most remained accessible due to mitigation efforts by organizational cybersecurity systems. Italy’s National Cybersecurity Agency (ACN) confirmed the incident, noting defenses had largely contained the impact through prompt restoration of services. They characterized the assault as a sophisticated application-layer attack requiring coordinated response measures. Investigative sources indicated approximately ten public and private entities suffered disruptions, with the Post and Communications Police launching an official inquiry. NoName057(16) documented their targeting methodology and geopolitical motivations in Telegram posts, while Italian authorities emphasized no critical infrastructure sustained lasting damage. The ACN maintained active monitoring throughout the incident, issuing alerts to relevant stakeholders as defensive protocols neutralized most attack vectors.