The pro-Russia group NoName57 has once again launched a series of DDoS attacks against Italian infrastructure, targeting websites such as Malpensa and Linate airports, the Ministry of Foreign Affairs, and the Turin Transport Group. The attacks, which began earlier today, have caused disruptions to the affected websites but have not impacted the operations at the airports.
According to reports, the group claimed responsibility for the attacks, citing them as a response to what they perceive as Italian Russophobia. In response to the cyberattacks, Foreign Minister Antonio Tajani announced plans to establish a Directorate-General for cybersecurity and artificial intelligence to enhance Italy’s defense against such threats from abroad.
The director of the Postal and Communications Police Service, Ivano Gabrielli, described the attackers as ideologically driven cybercriminals seeking visibility rather than causing actual damage. He noted that the attacks coincide with the ongoing conflict in Ukraine, with the group targeting countries that support Ukraine in the international arena.
NoName57 has been active since March 2022, targeting government and critical infrastructure organizations worldwide. The group employs various tools for their attacks, including the Bobik botnet, as observed by Avast researchers in September 2022. They tend to escalate their attacks during periods of heightened geopolitical tensions, such as increased support for Ukraine by other nations.
The timing of these attacks during the Christmas holidays is strategic, as threat actors often exploit periods when organizations may have reduced staffing and slower response times. This can make it more challenging for critical teams like IT support and cybersecurity to detect, mitigate, and recover from an attack promptly.
The Italian Cnaipic (National Cybercrime Center for the Protection of Critical Infrastructure) is currently investigating the cyberattacks and working to help mitigate the impact on the affected websites. Both government and institutional websites have been listed as potential targets by the group on their Telegram channel.
As the cyber conflict continues, it underscores the importance of maintaining robust cybersecurity measures to defend against evolving threats from hacktivist groups like NoName57. Stay updated on the latest developments by following @securityaffairs on Twitter and Facebook, and on Mastodon for the latest insights from cybersecurity expert Pierluigi Paganini.
With NoName57’s persistent cyber activities, organizations must remain vigilant and proactive in strengthening their cybersecurity posture to withstand potential attacks and safeguard critical infrastructure from disruptive cyber incidents.