Cyber Incident Victim: Accademia della Crusca
Date:
Jun 2015
Location:
Italy
Summary
The Accademia della Crusca's website was compromised by hackers affiliated with ISIS, who defaced it with the group's propaganda symbols, a video depicting injured children, and threatening messages including "I love Islamic State!" and anti-Western rhetoric. The attackers, identifying as "Phenomene dz" and claiming to be "Islamic state hacker" on Twitter, framed the intrusion as retaliation against Western governments. Investigators linked this to a pattern of similar low-sophistication cyberattacks in Tuscany targeting weakly protected websites, including a regional political party and a school, attributing them to international hacker collectives rather than focused campaigns. Security forces confirmed no direct targeting of the victim institutions in these incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On June 23, 2015, the website of Italy's Accademia della Crusca, a prominent institution for Italian language studies, was compromised by hackers affiliated with the Islamic State (ISIS). The attackers defaced the site with ISIS propaganda, including the group's symbols, a video featuring images of injured children, and the statement "I love islamic state!" in Italian. An English-language message accompanied the defacement, accusing Western governments of terrorism through military actions in Muslim-majority regions while framing ISIS as defenders. The message concluded with a threat: "This war is just begun... and it will be for us Insha Allah." The hacker group "Phenomene dz," self-identified on Twitter as "Islamic state hacker," claimed responsibility for the attack. The breach occurred during the afternoon of June 22, as reported by local newspaper La Nazione, with the website restored to normal functionality by the morning of June 23.
This incident formed part of a broader pattern of cyberattacks across Tuscany targeting entities with minimal cybersecurity protections, including the regional Democratic Party (PD) website and an unspecified school. Italian law enforcement agencies DIGOS (Divisione Investigazioni Generali e Operazioni Speciali) and Polposta (Postal Police) investigated these incidents, assessing them as untargeted operations rather than deliberate assaults on specific organizations. Investigators attributed the attacks to international hacker collectives distributing automated exploit tools designed to identify and compromise vulnerable websites indiscriminately, described as operating like a "dragnet." No technical details regarding the attack vector, data compromise, or remediation efforts by the Accademia della Crusca were disclosed in available reporting. The defacement primarily served as a propaganda vehicle, with no evidence suggesting data theft, service disruption beyond the temporary site takeover, or direct references justifying the selection of the linguistic institution as a target.