Cyber Incident Victim: Comune di Reggio Emilia

On the morning of Wednesday 26 February 2025 the official website of the Comune di Reggio Emilia became inaccessible following a cyber attack. The attack was claimed by the pro‑Russian hacker group NoName057, which said it had also targeted other Italian institutions. The group’s claim placed the Reggio Emilia incident within a wider wave of DDoS operations against the Regione Marche, the Regione Molise, the municipalities of Allein and Aymavilles in the Valle d’Aosta and the city of Giugliano in Campania. According to municipal sources the service was progressively restored and the platform returned to full operation because the underlying system held.

No evidence of data exfiltration was reported and citizen services such as the Cup remained unaffected during the incident. The Regione Marche site, which had been under DDoS pressure for the tenth day of the campaign against Italy, experienced only slowdowns and was temporarily suspended to allow a complete restoration. Bruno Frattasi, director general of the Agenzia per la cybersicurezza nazionale, noted at the Festival of Intelligenza Artificiale in Milan that NoName057 was using DDoS to attempt to influence public opinion while the targeted institutions were reacting effectively and containing the effects. He also clarified that artificial intelligence contributes to ransomware threats but does not play a role in pure DDoS attacks, noting its dual‑use nature and the agency’s own use of AI to anticipate and prevent cyber threats.

The episode is described by officials as a single element of a broader offensive cyber strategy aimed at Italian public sector portals. The coordinated nature of the attacks, spanning multiple regions and types of entities, underscores the campaign’s scope. The municipal response, which relied on the resilience of the existing infrastructure to bring the site back online without data loss, illustrates the reported effectiveness of the defensive measures in place.