Cyber Incident Victim: Polizia Postale e delle Comunicazioni
Date: Mar 2023
Location: Italy
Summary
Cyberattacks targeted multiple Italian government institution portals, including those operated by the Postal Police and the Transport and Finance Ministries, with the Postal Police successfully defending against these intrusions. However, hackers breached the website of Rome's public transport operator, though the attack only disrupted its online presence without impacting actual transit operations.
Description
On March 22, 2023, Italian institutions experienced coordinated cyberattacks targeting multiple government portals, including those operated by Polizia Postale e delle Comunicazioni (Postal Police), the Ministry of Transport, and the Ministry of Finance. The Postal Police, responsible for overseeing national cybersecurity, confirmed these attempted breaches against their own systems and the other ministries. While the attackers failed to compromise the Postal Police, Transport Ministry, and Finance Ministry’s online portals due to successful defensive measures, they achieved partial success against an unrelated entity: Roma Trasporti (ATAC), Rome’s public transport operator. The attackers disrupted ATAC’s public-facing website, though preliminary assessments indicated no immediate infiltration beyond superficial interface disruption. Initial reports emphasized the separation between ATAC’s informational website and its operational control systems, which governed vehicle movements and scheduling. No service delays or cancellations were attributed to the cyber intrusion, preserving public transit functionality across the capital region.

The operational impact remained isolated to ATAC’s web presence, with restoration efforts launched shortly after detection. The Postal Police led the incident response, coordinating with affected agencies to analyze attack vectors and reinforce network defenses. No data exfiltration or ransomware deployment was publicly reported, suggesting the incident aimed primarily at causing temporary disruption or testing institutional resilience. Limited technical details about the attackers’ identity or methodology were disclosed, though the simultaneous targeting of government portals implied a degree of coordination. Final confirmation of full service restoration for ATAC’s website was not explicitly stated, though subsequent updates confirmed normalized operations across all targeted government portals. The incident underscored existing cybersecurity challenges faced by Italy’s public infrastructure amid a global rise in politically or ideologically motivated attacks.
