Cyber Incident Victim: Ministero dell'agricoltura, della sovranità alimentare e delle foreste
Date:
Dec 2022
Location:
Italy
Summary
An unnamed Russian cybercriminal group conducted a DDoS attack against an Italian government ministry responsible for agricultural and food sovereignty policies, rendering its primary website unreachable. The attackers claimed responsibility via a Telegram channel, citing retaliation for Italy's political support and military aid to Ukraine as motivation. The incident disrupted multiple governmental online services, including social security platforms, with the perpetrators encouraging further distributed denial-of-service participation through their communications. Technical verification tools confirmed ongoing accessibility issues at the time of reporting, though no additional operational impacts or data compromises were disclosed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 3, 2022, the website of Italy's Ministry of Agriculture, Food Sovereignty, and Forestry (MASAF) at www.politicheagricole.it became unreachable to users, prompting public speculation about the cause. Cybersecurity investigators from RedHotCyber (RHC) identified the disruption as a distributed denial-of-service (DDoS) attack after discovering a claim of responsibility posted by an unnamed Russian cybercriminal group on their Telegram channel. The group, operating under the handle "SenzaNome057(16)," published a message in both Russian and English-language channels (with approximately 12,000 and 200 followers respectively) stating they targeted MASAF and other Italian government portals to retaliate against Prime Minister Giorgia Meloni's public declarations of continued military and political support for Ukraine. Their post included a link to check-host.net showing technical verification of the attack against MASAF's infrastructure alongside a call for others to join their DDoS campaign, asserting "La vittoria sarà nostra!" ("Victory will be ours!").
The attack temporarily disabled MASAF's primary website, which remained offline as of 20:55 on December 3 according to check-host.net monitoring data shared by the attackers. The disruption extended beyond MASAF, affecting other Italian government domains including previdenzasocialeitaliana.it. The threat actors explicitly linked their actions to Italy's geopolitical stance, citing recent news reports about weapons shipments to Ukraine as their motivation. No data breach or data exfiltration was mentioned in the group's statement, indicating the operation focused solely on service disruption. RHC continued monitoring the situation for developments but noted no official public statements from MASAF regarding incident response or restoration timelines at the time of their reporting. The ministry's website served critical functions related to national agricultural policy coordination, EU representation, and fisheries management, though the specific operational impacts of the outage were not detailed in available sources.