Cyber Incident Victim: Ministero della Transizione Ecologica
Date: Apr 2022
Location: Italy
Summary
The Italian Ministry of Ecological Transition experienced a severe cyber incident prompting a precautionary shutdown of its entire digital infrastructure, including its public website and internal systems, following the detection of external threats. Officials acknowledged the disruption but did not confirm specific attackers, though experts suspected ransomware involvement based on similar recent incidents like the Hive-group attack on Trenitalia, which disrupted services through data encryption. The National Cybersecurity Agency prioritized restoring systems securely, noting recovery complexity depended on attack depth. Concurrently, unrelated IT outages affected other government entities, including finance and customs agencies, though these were attributed to power issues rather than cyberattacks. The ministry’s systems remained offline for an extended period as investigations continued.
Description
On April 6, 2022, the Italian Ministry of Ecological Transition (MITE) experienced a severe disruption when its entire website became inaccessible in the early afternoon. The homepage and all internal pages failed to load, leaving only cached Google snippets visible. Minister Roberto Cingolani confirmed this was a precautionary measure against "external threats detected on the ministry's computer network," necessitating the suspension of all ministerial IT systems. Nearly 48 hours after the outage began, authorities had not publicly disclosed the incident's root cause or technical specifics. Cybersecurity experts cited in reports hypothesized a ransomware attack—malware that encrypts data until payment is made—though no threat actor claimed responsibility. Minister Cingolani declined to confirm whether pro-Russian cybercriminal groups were involved when questioned, stating only that designated agencies were investigating. The disruption occurred amid heightened cyber tensions following Russia's invasion of Ukraine, though no direct geopolitical attribution was established.

The incident paralyzed MITE's digital operations entirely, mirroring impacts observed during a confirmed ransomware attack on Trenitalia weeks earlier. That prior attack, attributed to the Russia-linked Hive group, had crippled the rail operator's website and internal systems. National Cybersecurity Agency Director Roberto Baldoni acknowledged the complexity of restoring MITE's systems, noting recovery timelines depend on attack severity, citing Trenitalia's experience as a reference point. Concurrently, Italy's public sector faced unrelated IT disruptions, including a March 30 Sogei outage affecting finance ministry portals and green pass services—later attributed to power fluctuations rather than hacking. By April 7 evening, MITE's systems remained offline with no restoration timeline provided, and neither the ministry nor Sogei had issued further statements despite media inquiries. Technical teams continued working to eliminate residual threats before reactivating services.
