Cyber Incident Victim: Italian Ministry of Interior
Date:
May 2023
Location:
Italy
Summary
The Italian Ministry of Interior and the Superior Council of the Judiciary experienced distributed denial-of-service (DDoS) attacks attributed to the pro-Russian hacktivist group NoName057(16), which employed Slow HTTP techniques to disrupt services by overwhelming servers with incomplete requests. The group, active since March 2022 in support of Russia's geopolitical interests, has previously targeted other Italian entities including defense, infrastructure, and financial institutions, publicizing its activities via a Telegram channel with over 30,000 followers. These attacks aimed to degrade online service availability through traffic saturation, consistent with the group's hacktivist objectives.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 13, 2023, the pro-Russian hacktivist group NoName057(16) executed distributed denial-of-service (DDoS) attacks against two Italian government entities. The first attack targeted the Superior Council of the Judiciary (Consiglio Superiore della Magistratura) beginning at 10:30 AM local time, followed by an assault on the Italian Ministry of Interior's website starting at 12:17 PM. The group employed Slow HTTP attack techniques, a specific DDoS method exploiting HTTP connection management vulnerabilities by sending partial requests that kept server connections persistently open. This technique prevented the targeted web servers from processing legitimate user requests by exhausting available connections through incomplete transactions that never reached timeout thresholds. NoName057(16) publicly claimed responsibility through their Telegram channel, which they routinely use to announce cyber operations to their 30,000+ subscribers. The attacks aligned with the group's established pattern of targeting Italian institutional websites, having previously disrupted carabinieri.it, Difesa.it, Esteri.it, BPER Bank, ATAC public transport, the Constitutional Court, and the Ministries of Infrastructure and Transport and Defense.
NoName057(16) emerged in March 2022 as a pro-Russian collective supporting the Kremlin's military actions against Ukraine, conducting sustained DDoS campaigns against nations opposing Russia's invasion. Their operational methodology focuses on Layer 7 application-layer attacks rather than network-layer flooding, maximizing disruption with minimal bandwidth expenditure through Slow HTTP techniques. The Italian incidents formed part of a continuous geopolitical hacktivism campaign, though the article provides no confirmation of data breaches, data exfiltration, or persistent network access beyond temporary service degradation. No specific mitigation measures implemented by the Italian agencies were detailed in the source material, nor were duration of outages or technical characteristics of the targeted infrastructure disclosed. The attacks exemplified the group's recurring modus operandi of coordinating short-duration DDoS strikes against government and critical infrastructure websites to generate symbolic impact rather than inflict permanent damage.