Cyber Incident Victim: Intesa Sanpaolo
Date:
Feb 2025
Location:
Italy
Summary
Alleged pro-Russian hackers from the group Noname057(16) targeted approximately twenty Italian websites, including those of Intesa Sanpaolo, other banks, and Milan's Linate and Malpensa airports, according to Italy's cybersecurity agency. The attack, which did not cause major disruption, was motivated by recent remarks from the Italian president comparing Russia's war in Ukraine to Nazi expansionism. The agency noted that the same group had previously claimed an attack on Italian institutional websites. While some affected organizations declined comment or reported no disruptions, the incident highlights ongoing cyber tensions linked to the geopolitical conflict.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 17, 2025, Italy's national cybersecurity agency publicly disclosed that approximately twenty Italian websites had been targeted in a coordinated cyberattack earlier that month. The agency attributed the operation to the pro-Russian hacker collective known as Noname057(16), explicitly linking the attack to recent diplomatic tensions between Italy and Russia. This motivation was cited by the hackers themselves, who referenced controversial remarks made by Italian President Sergio Mattarella earlier in February. In those comments, President Mattarella had compared Russia's war on Ukraine to the expansionism of Nazi Germany prior to World War II, statements that provoked outrage in Moscow while being defended by Prime Minister Giorgia Meloni. The cyber campaign specifically targeted the public-facing websites of several prominent Italian institutions and corporations, including Intesa Sanpaolo, Banca Monte dei Paschi, Iccrea Banca, and the operators of Milan's Linate and Malpensa airports. The attack occurred in the immediate aftermath of the presidential comments, representing a direct digital response to the geopolitical rhetoric.
The cybersecurity agency reported that while the attacks were significant in scope, they ultimately did not cause major operational disruption to the targeted entities. Following the disclosure, the affected organizations issued varied responses. Both Intesa Sanpaolo and SEA, the company managing Milan's airports, declined to provide any comment on the incident. A spokesperson for Iccrea Banca explicitly stated that the bank experienced no disruptions as a result of the attack. Banca Monte dei Paschi did not respond to a request for comment in a timely manner. This incident was not an isolated action by the group; the agency noted that Noname057(16) had previously claimed responsibility for a separate cyberattack in December 2024, which had targeted around ten Italian institutional websites. The February attack demonstrated the group's continued focus on Italian targets within a context of heightened East-West diplomatic friction, using website disruptions as a tool for political messaging without achieving sustained technical compromise of the underlying systems.