Introduction
Since March 2022 [14], the pro-Russian hacker group NoName057(16) has been actively targeting Italian entities through a series of Distributed Denial of Service (DDoS) attacks. These attacks have primarily focused on the transport and financial sectors, with recent escalations affecting major airports and other critical infrastructure. Despite the disruptions [1], the impact on services has been minimal due to effective security measures [4].
Description
A pro-Russian hacker group [1] [9] [14], NoName057(16) [1] [2] [3] [4] [5] [6] [8] [9] [10] [11] [12] [13] [14], has been active since March 2022 [14], conducting a series of DDoS (Distributed Denial of Service) attacks against approximately 20 significant Italian entities, particularly targeting the transport and financial sectors. Recently, the group has intensified its focus on the websites of major airports in Milan, including Linate and Malpensa [1] [2] [3] [4] [6] [7] [8] [9] [10] [11] [12] [13] [14], as well as the Transport Authority and ports in Taranto and Trieste [4]. Despite the numerous sites affected [4], the impact on services has been minimal [4], indicating effective security measures in place [4]. Notably, the news site Corriere.it has also been among the targeted entities.
Just five days prior to these attacks, NoName057(16) targeted other Italian banks, such as Banca Monte dei Paschi and Iccrea Banca [13], further demonstrating its hostile actions against Italy. The group’s recent wave of attacks follows similar incidents that occurred in December 2023, affecting multiple institutional websites [13], including Acqua Novara, Acque Veronesi [5], and Siena Mobilità [5]. Although these earlier attacks were described as minor and primarily demonstrative, they caused significant disruptions, forcing institutions and companies to temporarily halt services.
The motivation behind these actions has been linked to remarks made by Italian President Sergio Mattarella, whom the group labeled a “Russophobe” for his comments comparing Russia’s actions in Ukraine to those of Nazi Germany [14]. This sentiment was further fueled by his speech at the University of Marseille, which drew criticism from Russian officials [5]. Experts warn that crucial sectors like transport and finance have become prime targets, with potential significant economic repercussions.
The Italian National Cybersecurity Agency (ACN) and postal police are actively providing support and implementing measures such as geofencing to mitigate the impact of these attacks [12], ensuring that most targeted sites were restored quickly, although Acque Veronesi remained offline [5]. The agency has reported that the attacks, while disruptive, have been more demonstrative than effective [12], with limited consequences overall [12]. NoName057(16) typically escalates its activities during periods of heightened geopolitical tensions [14], such as increased support for Ukraine [14], and has previously targeted Italian ministries, critical infrastructure [4] [10] [12] [14], and private organizations during significant political events [14], including the visit of Ukrainian President Volodymyr Zelensky to Italy [14].
The group employs various tools and techniques for their attacks [14], including the Bobik botnet [14], and justifies their actions as retaliation against perceived anti-Russian sentiments. The current geopolitical tensions suggest that these attacks may be just the beginning of a broader strategy to undermine the stability of Italy’s critical infrastructure. International cooperation is vital in combating increasingly sophisticated cyber threats [4], and the resilience of critical infrastructure [4], along with advanced data protection technologies [4], is crucial for maintaining service continuity [4].
Conclusion
The ongoing cyberattacks by NoName057(16) highlight the vulnerabilities within Italy’s critical infrastructure, particularly in the transport and financial sectors. While the immediate impact has been mitigated by robust security measures, the potential for significant economic repercussions remains. Continued vigilance, international cooperation [4], and the enhancement of cybersecurity protocols are essential to counteract these threats and ensure the resilience of vital services against future attacks.
References
[1] https://www.infosecurity-magazine.com/news/noname05716-hit-italian-banks/
[2] https://www.ilsole24ore.com/art/attacchi-hacker-filorussi-infrastrutture-e-banche-italiane-AGHtgAxC
[3] https://economictimes.indiatimes.com/tech/technology/italian-websites-targeted-by-alleged-pro-russian-hackers/articleshow/118333970.cms
[4] https://www.notizie.it/en/cyber-attacks-against-italy-noname05716-group-targeted/
[5] https://www.punto-informatico.it/nuovo-attacco-noname05716-contro-siti-italiani/
[6] https://gds.it/articoli/mondo/2025/02/17/scatta-un-cyberattacco-russo-contro-litalia-colpiti-trasporti-e-banche-faebaf78-cde4-4265-8ed0-d569748aa076/
[7] https://www.repubblica.it/tecnologia/2025/02/17/news/nonanmehackerrussiddosattaccocomefunziona-424009406/
[8] https://tg24.sky.it/tecnologia/2025/02/17/attacco-hacker-filorussi-siti-italia
[9] https://www.ansa.it/english/news/2025/02/17/pro-russian-hackers-attack-transport-banking-sectors36dcf944-592a-4de2-9ed6-58dc131ba6fd.html
[10] https://www.webnews.it/italia-sotto-attacco-hacker-noname05716-colpisce-banche-e-infrastrutture/
[11] https://www.unionesarda.it/news/italia/attacchi-hacker-filorussi-contro-siti-italiani-nel-mirino-anche-gli-aeroporti-di-milano-xlfvitjv
[12] https://roma.corriere.it/notizie/cronaca/25febbraio_17/hacker-russi-italia-noname057-16-14976a29-c9b2-43d6-a2d5-7fd09ab8cxlk.shtml
[13] https://saharareporters.com/2025/02/17/pro-russian-hackers-attack-websites-italian-airports-banks
[14] https://securityaffairs.com/174294/hacktivism/noname05716-launched-ddos-attacks-on-italian-sites.html
