Date: Feb 2023

Location: Italy

Summary

The Università degli Studi di Napoli 'Federico II' experienced a cyberattack targeting its systems, though institutional websites and strategic servers remained uncompromised due to preemptive security checks and patching following international incident alerts. Firewalls and restricted external access protected managed systems. Some university services were temporarily inaccessible, attributed to scheduled electrical maintenance rather than the attack. A single server used by the Network Security research group for academic purposes was compromised during the incident.


Description

On or around February 4, 2023, the Università degli Studi di Napoli 'Federico II' experienced a cybersecurity incident amid a broader wave of international hacker attacks targeting Italian institutions. The university initiated internal verification procedures following reports of these global incidents, focusing on assessing potential compromises to its institutional websites and critical infrastructure. Preliminary investigations revealed no evidence of successful breaches affecting core institutional sites or strategic servers. University officials attributed this resilience to preexisting security measures, including firewalls, secure connection protocols, and network configurations that restricted external access to certain IP address classes. Additionally, the university’s IT department, the Centro di Ateneo per i Servizi Informativi (CSI), had proactively verified and deployed security patches across all managed systems in response to the emerging international threats. This preventive action aimed to bolster defenses against potential vulnerabilities exploited in the wider attack campaign.

The incident did result in the compromise of one specific server utilized exclusively by the university’s Network Security research group for academic study purposes. University authorities confirmed this server’s isolation from mission-critical systems and clarified that its operational scope was limited to research activities, not administrative or institutional functions. Concurrently, some university services remained temporarily inaccessible, but officials clarified this disruption stemmed from a preplanned electrical maintenance shutdown in the server room scheduled for February 4, unrelated to the cyberattack. The university had notified its user community about this maintenance window in advance. Post-incident analysis confirmed no collateral damage to strategic infrastructure, with the compromised research server undergoing forensic examination to determine the attack vector and extent of intrusion. The institution maintained transparency throughout the event, issuing public statements to distinguish between planned downtime and attack-related impacts while reaffirming the integrity of its primary systems.
