Cyber Incident Victim: Italian Government
Date:
Mar 2023
Location:
Italy
Summary
NoName057(16), a pro-Russian hacktivist group, conducted distributed denial-of-service (DDoS) attacks targeting Italian government infrastructure, including the transport regulatory authority and constitutional court portals. The attacks employed slow HTTP techniques to overwhelm servers, causing temporary unavailability of services but without compromising data confidentiality or integrity. This incident aligns with the group’s pattern of disruptive actions against entities perceived as adversarial to Russian interests, leveraging DDoS to disrupt operational availability. The affected websites resumed normal functionality after mitigation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around March 25, 2023, the pro-Russian hacktivist group NoName057(16) conducted distributed denial-of-service (DDoS) attacks against multiple Italian government websites. The group claimed responsibility for disrupting the websites of Italy’s Transport Regulation Authority (Autorità Regolazione Trasporti, ART) and the Constitutional Court (Corte Costituzionale). They publicly shared Check-Host.net links on their Telegram channel as proof of the attacks, indicating the ART portal became accessible only from Italian IP addresses during the disruption. The group characterized these actions as part of their continued focus on Italian infrastructure, referencing prior attacks on targets such as the Carabinieri website, which they claimed had been compromised three times previously. NoName057(16) employed slow HTTP attack techniques, a method leveraging incomplete or deliberately delayed HTTP requests to exhaust server resources and block legitimate access. The attacks temporarily rendered the targeted websites inaccessible but did not compromise data confidentiality or integrity.
NoName057(16), which emerged in March 2022 in support of Russia’s geopolitical interests, has historically targeted government entities, media outlets, and private sector websites in Ukraine, Lithuania, the United States, and other European nations. The group utilizes Telegram to announce attacks and has been linked by Ukrainian media to threats against journalists. Their operational focus centers on DDoS attacks aimed at disrupting public-facing services, with slow HTTP attacks being a preferred method due to their ability to mimic legitimate traffic while overwhelming servers. The Italian incidents aligned with this pattern, causing temporary service outages without permanent data loss. The article noted enterprise-level DDoS mitigation services like Cloudflare or Akamai could reduce vulnerability to such attacks but did not specify whether affected Italian entities implemented these solutions. NoName057(16) framed the attacks as retaliation against Italy’s political stance, consistent with their broader hacktivist strategy of using cyber operations to advance pro-Russian narratives.