Cyber Incident Victim: Consiglio Superiore della Magistratura
Date:
May 2023
Location:
Italy
Summary
The Italian High Council of the Judiciary experienced a DDoS attack employing Slow HTTP techniques by the pro-Russian hacktivist group NoName057(16), which simultaneously targeted the Ministry of the Interior. The group, active since March 2022 in support of Russia's geopolitical interests, disrupted web services by saturating server connections, part of a broader campaign against Italian infrastructure including defense and transportation entities. NoName057(16) publicizes such operations via a Telegram channel with over 30,000 followers to amplify their hacktivist activities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 13, 2023, the pro-Russian hacktivist group NoName057(16) executed distributed denial-of-service (DDoS) attacks against two Italian government entities: the Superior Council of the Judiciary (Consiglio Superiore della Magistratura, CSM) and the Ministry of the Interior. The attack against the CSM website commenced at 10:30 AM local time, followed by a second attack targeting the Ministry of the Interior's website at 12:17 PM. The group employed Slow HTTP attack techniques (also known as HTTP Slowloris), a specific DDoS method designed to exploit web server vulnerabilities by maintaining multiple incomplete HTTP connections. This approach overwhelms server capacity by preventing connection timeouts while blocking legitimate user access. NoName057(16), which publicly emerged in March 2022 following Russia's invasion of Ukraine, coordinates its activities through a Telegram channel boasting over 30,000 subscribers where it regularly announces new targets and claims responsibility for attacks.
The incident formed part of a broader campaign against Italian infrastructure, with prior targets including carabinieri.it, Difesa.it, Esteri.it, BPER Bank, ATAC public transport, the Constitutional Court, and the Ministries of Infrastructure and Transport and Defense. The attackers' methodology centered on saturating target bandwidth through coordinated botnet traffic, though the article provides no specific data regarding downtime duration, data compromise, or service restoration timelines for the CSM. Technical analysis within the source material explains that Slow HTTP attacks manipulate server connection-handling protocols by sending partial requests that prevent resource release, particularly effective against legacy systems or low-bandwidth servers. While the article extensively details DDoS mitigation strategies generally, it contains no information about specific defensive measures implemented by the CSM during or after the attack, nor any operational or financial consequences resulting from the incident. The group's stated motivation remains consistent with its pro-Russian ideological alignment since the Ukraine conflict's inception.