Cyber Incident Victim: Istituto Superiore di Sanità

On May 11, 2022, multiple Italian government and institutional websites, including those of the parliament, military, and Istituto Superiore di Sanità (ISS), experienced disruptions attributed to distributed denial-of-service (DDoS) attacks. The pro-Russian hacking group Killnet claimed responsibility for the incidents via Telegram, framing the operation as part of ongoing "military cyber exercises." The attacks also affected the Automobile Club d'Italia and other unspecified Italian institutions. Several targeted websites remained inaccessible for multiple hours before being restored. Italy’s Senate President, Maria Elisabetta Alberti Casellati, confirmed the Senate’s external network was compromised but reported no lasting damage, crediting technicians for their immediate containment efforts. She characterized the incident as a serious episode requiring continued vigilance.

The attacks followed a similar pattern to Killnet’s operations against Romanian government websites two weeks earlier, which the group explicitly linked to Romania’s support for Ukraine following Russia’s invasion. Romanian authorities had previously identified Killnet as specializing in DDoS attacks against NATO members, including the U.S., Estonia, Poland, and the Czech Republic. In Telegram posts, Killnet members downplayed the severity of the Italy attack compared to their Romanian operation but issued threats of future offensive actions, stating their "cyber army" was training on Italian infrastructure. The group’s rhetoric directly referenced Italy’s provision of military and financial aid to Ukraine. Microsoft had warned in April 2022 that Russian-aligned threat actors might expand cyber operations against nations supporting Ukraine, noting activity targeting NATO members like the Baltics and Turkey. No data breaches or permanent system compromises were reported in the Italian incidents.