Cyber Incident Victim: Automobile Club d'Italia
Date: May 2022
Location: Italy
Summary
A pro-Russian hacking group known as Killnet conducted distributed denial-of-service attacks against multiple Italian institutions, including the Automobile Club d'Italia, causing temporary disruptions to parliamentary, military, and public health agency websites. The group claimed responsibility via Telegram, characterizing the incidents as cyber training exercises targeting countries supporting Ukraine, while downplaying the severity compared to prior attacks on Romania. Several affected websites were restored within hours, with Italian officials confirming no lasting damage but emphasizing vigilance against such cyber threats amid ongoing geopolitical tensions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 11, 2022, multiple Italian institutional websites experienced disruptions due to distributed denial-of-service (DDoS) attacks claimed by the pro-Russian hacking group Killnet. The affected entities included Italy’s parliament, military, National Health Institute, and the Automobile Club d’Italia (ACI), among other unspecified institutions. The attacks caused temporary outages, with several websites remaining inaccessible for hours before being restored. Killnet publicly took responsibility for the incidents through Telegram channels, framing the operation as retaliation for Italy’s military and financial support of Ukraine following Russia’s invasion. The group characterized the attacks as "military cyber exercises" intended to improve their skills and warned of future offensives against Italian infrastructure. While the Senate’s external network was compromised, Senate President Maria Elisabetta Alberti Casellati confirmed no lasting damage occurred and credited technicians for their rapid response.

The incident mirrored Killnet’s previous DDoS campaigns against NATO-aligned nations, including a similar attack on Romanian government websites two weeks earlier targeting defense, border police, and railway services. Romanian authorities had previously identified Killnet as specializing in DDoS operations against U.S., Estonian, Polish, Czech, and other NATO government sites. Italian officials did not disclose technical specifics of mitigation efforts, but the restoration of most services within hours suggested effective incident response protocols. Microsoft had warned in April 2022 that Russian-aligned threat actors might expand cyber operations against nations supporting Ukraine, noting early interest in Baltic and Turkish infrastructure. Killnet’s Telegram statements explicitly linked the Italy attack to geopolitical tensions, threatening sudden escalation while downplaying the immediate impact compared to their Romanian operation. No data breaches or permanent system compromises were reported among the Italian targets.
