Cyber Incident Victim: Intesa Sanpaolo
Date:
Feb 2025
Location:
Italy
Summary
A pro-Russian hacker group known as Noname057(16) targeted approximately 20 Italian websites, including those of major banks such as Intesa Sanpaolo and key airports in Milan, in a cyberattack motivated by recent political tensions between Italy and Russia. The attack followed Italian leadership's criticism of Russia's actions in Ukraine, which drew condemnation from Moscow. Italy's cybersecurity agency confirmed the incidents but noted no significant operational disruptions occurred. Some affected organizations, including one bank, explicitly stated their services remained unaffected. This incident mirrors a similar cyber campaign by the same group against Italian institutional websites several months prior.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 17, 2025, approximately 20 Italian websites experienced cyberattacks attributed to the pro-Russian hacker group Noname057(16). The coordinated attacks targeted multiple financial institutions—including Intesa Sanpaolo, Banca Monte dei Paschi, and Iccrea Banca—along with the websites of Milan's Linate and Malpensa airports. Italy's national cybersecurity agency publicly confirmed the incidents on the same day, linking them to heightened diplomatic tensions between Italy and Russia. This followed February 2025 remarks by Italian President Sergio Mattarella comparing Russia's invasion of Ukraine to Nazi Germany's pre-World War II expansionism, which had drawn strong objections from Moscow. The hacking group explicitly cited Mattarella's statements as motivation for their actions in communications referenced by cybersecurity officials.
The attacks caused temporary disruptions but did not result in major operational impacts according to official assessments. Intesa Sanpaolo and SEA (operator of Milan's airports) declined public comment on the incidents, while Iccrea Banca confirmed no service disruptions occurred. Banca Monte dei Paschi did not provide immediate response to inquiries. This marked the second recent campaign by Noname057(16) against Italian targets, following their December 2024 attacks on approximately 10 institutional websites. The cybersecurity agency characterized both incidents as politically motivated website disruptions rather than penetrations of critical infrastructure systems. No data breaches, financial losses, or extended downtime were reported by affected organizations in the February 17 events.