Pro-Russia group NoName057 targets Italian sites, including Malpensa and Linate airports, in a new DDoS campaign amid rising geopolitical tensions.
The pro-Russia group NoName57 continues its campaign of DDoS attacks against Italian infrastructure. This time, the group of alleged hacktivists targeted multiple websites, include the sites of Malpensa and Linate airports, as well as the site of the Ministry of Foreign Affairs (Farnesina) and the Turin Transport Group (GTT).
The Italian Cnaipic (National Cybercrime Center for the Protection of Critical Infrastructure) of the Postal Police is investigating the cyberattacks and is helping victims into mitigating the offensive.
The DDoS attacks against the websites of Malpensa and Milan-Linate airports began this morning. At the time of this writing, the websites are still facing problems. The attacks had no impact on the operations at the airports.
The group claimed on its Telegram channel that the attacks were their response to the Italian Russophobes.
“Italian Russophobes are receiving a well-deserved cyber response,” wrote NoName57.
“Today’s attack is certainly of Russian origin, targeting the website of the Ministry of Foreign Affairs. I have already instructed the Secretary-General of the Ministry to prepare a reform to establish a Directorate-General for cybersecurity and artificial intelligence,” said Foreign Minister Antonio Tajani, speaking to journalists in the Senate. “We are working to respond firmly to cyberattacks originating from abroad. We are successfully repelling all of them, but we will further raise the security threshold for all Italian offices worldwide,” the Foreign Minister assured.
The director of the Postal and Communications Police Service Ivano Gabrielli told Adnkronos that the attackers are “ideologically driven cybercriminals seeking visibility rather than causing actual damage.”
“For three days, we’ve been recording similar attacks on various infrastructures and ministerial websites,” Gabrielli told Adnkronos. “These are cyclical attacks carried out by groups that support and align with Russia’s war in Ukraine, targeting countries that take an international stance in support of Ukraine. With the renewed support for Ukraine from the Italian government, this group has resumed targeting certain Italian websites.”
The group published a list of targets on its Telegram channel, which includes government and institutional websites.
The group NoName57 has been active since March 2022 and has targeted government and critical infrastructure organizations worldwide.
NoName057(16) uses multiple tools to carry out their attacks. In September 2022, Avast researchers observed the group using the Bobik botnet to launch DDoS attacks.
They operate in waves, escalating attacks during geopolitical tensions, such as increased military or diplomatic support for Ukraine by other nations.
The timing of these attacks, coinciding with the Christmas holidays, is strategic. Threat actors often plan their operations around periods when organizations are likely to have reduced staff and slower response times, such as holidays or weekends. During these times, critical teams like IT support, cybersecurity, and incident response may be operating at minimal capacity, making it harder to detect, mitigate, and recover from an attack promptly.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, NoName057)