In the aftermath of Giorgia Meloni’s visit to Ukraine, Italy has been hit by a new hacker attack. The pro-Russian group NoName57(16) hit numerous institutional sites, such as those of the Ministry of Foreign Affairs, the Ministry of Defense and the Carabinieri. Banks like Bper and utility companies like A2A were targeted as well. The claim arrived in the morning on Russian propaganda Telegram channels and involves a multitude of sites, which are unreachable. New attacks could arrive in the next few hours and days.

The message claiming the attack startled more than one government official this morning. “Italy will provide Ukraine with the sixth package of military assistance, which will include three types of air defense systems,” said the NoName57(16) hacktivists. “As Italian Prime Minister Giorgia Meloni said during a press conference in Kiev, we are talking about the SAMP-T, Skyguard and Spike anti-tank systems. Today we will continue our fascinating journey through Russophobic Italy,” they said. Finally the admission: “The site of the Italian Carabinieri (one of the military formations subordinate to the Ministry of Defence) was attacked”. The Foreign Affairs site is also under attack, as is that of Defense; both go on and off depending on the intensity of the action, which comes in waves. The resilience of the Foreign Affairs website has been remarkable, sources close to the dossier confirm, but there have been difficult moments. The Carabinieri’s site, on the other hand, has also been made unavailable at the level of its security certificate. Specifically, the “NET::ERR_CERT_REVOKED” error shown on the Arma’s website points to a much more invasive breach than first estimated, since NoName57(16) has revoked the website’s security certificate, a factor that exposes users to identity and password theft.

Of the six messages in which the group of Russian hackers claims as many actions against Italy, two concern actions that reportedly hit the sites of the energy company A2A and of Banca Bper, through that of Carige. However, neither of the two sites currently seems to be experiencing any access problems. The situation is still evolving.

To understand the scope of today’s event, we need to take a step back. NoName 057(16) is among the most active Russian groups in the cyber warfare that runs alongside the kinetic conflict in Ukraine. The group was created a year ago, in March 2022, shortly after the entry of Russian tanks into the territory of Kiev. It immediately became the protagonist of a series of attacks against government entities and critical infrastructure in Ukraine and in the countries that support it, in particular Poland, Lithuania, Latvia, Estonia, Slovakia, Norway and Finland. It is the first time that these attackers have targeted Italy, although it is not the first time that Italy has been hit by pro-Russian hacker groups. Last year, in April, the Killnet group took down the sites of the Senate, Defense and Foreign Affairs in an attack very similar to the one launched today by No Name.






These attacks are called “Slow HTTP Attacks” and are a form of DDoS (Distributed Denial of Service) attack in which the attacker tries to exploit the fragility of HTTP servers by sending a significant number of partial requests for access to the site. In other words, in this kind of action the attacker keeps the connection with the server open for a very long period of time, forcing the server to keep multiple connections open simultaneously. This occupies server resources and thus blocks requests that come from legitimate users. The scenario is evolving, and the multiple weaknesses of the Italian servers, known for some time, could be the opening for a digital war scenario that could continue.
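On the defensive side, the partial requests described above stand out in connection records as requests whose headers never finish arriving. The following Python code is an added example, not part of the original article: it flags clients that hold several such connections and measures how much of the server's connection pool they occupy. The record fields, both thresholds, the pool size and the sample addresses are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

HEADER_TIMEOUT = 10.0    # assumed policy: seconds allowed to finish sending request headers
MAX_SLOW_PER_CLIENT = 3  # assumed policy: slow connections tolerated per client address

@dataclass
class Conn:
    client: str                    # client address
    opened: float                  # seconds since start of capture
    headers_done: Optional[float]  # when the request headers completed, None if still partial
    bytes_in: int                  # bytes received so far

def header_time(c: Conn, now: float) -> float:
    """Time spent waiting for complete headers; runs up to 'now' if still partial."""
    return (c.headers_done if c.headers_done is not None else now) - c.opened

def slow_clients(conns, now):
    """Clients with at least MAX_SLOW_PER_CLIENT connections past the header timeout."""
    counts = Counter(c.client for c in conns if header_time(c, now) > HEADER_TIMEOUT)
    return {ip: n for ip, n in counts.items() if n >= MAX_SLOW_PER_CLIENT}

def slots_held(conns, now, pool_size):
    """Fraction of the server's connection pool tied up by still-partial requests."""
    held = sum(1 for c in conns
               if c.headers_done is None and now - c.opened > HEADER_TIMEOUT)
    return held / pool_size

# Constructed sample records (documentation address ranges), observed at t = 60 s.
NOW = 60.0
SAMPLE = [
    Conn("198.51.100.10", 1.0, 1.2, 412),   # ordinary request
    Conn("198.51.100.11", 5.0, 7.5, 380),   # slow link, still within the timeout
    Conn("192.0.2.44", 8.0, 20.5, 395),     # one slow request, below the per-client cap
    Conn("203.0.113.7", 10.0, None, 38),    # headers never completed
    Conn("203.0.113.7", 10.5, None, 41),
    Conn("203.0.113.7", 11.0, None, 36),
    Conn("203.0.113.7", 11.5, None, 40),
    Conn("198.51.100.12", 55.0, None, 120), # just opened, still in progress
]

if __name__ == "__main__":
    print("flagged:", slow_clients(SAMPLE, NOW))
    print("pool held:", slots_held(SAMPLE, NOW, pool_size=8))
```

The two thresholds correspond to the usual server-side mitigations: a limit on how long a client may take to send complete headers, and a cap on simultaneous connections per client address.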