It is seven in the morning on January 11, 2025 when the portals of Italian ministries and institutions begin to go haywire. Twenty-four hours later it is the turn of companies, ports and banks, targeted by DDoS (Distributed denial of service) attacks that have overloaded the websites, making them inaccessible.
The perpetrators are the hackers of the pro-Russian group Noname057(16), founded in March 2022 and responsible for various attacks against states perceived as adversaries of Russia, including Italy. The collective claimed responsibility for the attacks on Telegram, attributing them to Italian support for Ukraine, confirmed by Prime Minister Giorgia Meloni in the meeting with Ukrainian President Volodymyr Zelensky.
The disruptions were moderate, also thanks to the intervention of the National Cybersecurity Agency (ACN) which helped restore services quickly, but the attacks made a lot of noise. “Noname057(16) is a group born after the outbreak of the war in Ukraine that brings together people in line with the Russian cause and targets all the countries that offer support to Kiev”, says Pierluigi Paganini, a cybersecurity expert.
There is no official evidence of a direct link with the Russian state apparatus, but these actions are very advantageous for Moscow. Thanks to the “hacktivists”, the Kremlin sees its interests defended and promoted without directly exposing itself, avoiding official involvement and diplomatic risks.
In 2016, in fact, the NATO summit in Warsaw recognized cyberspace as an operational domain in conflicts, on a par with land, sea and air. “A cyber attack that damages a member country of the alliance can justify a military reaction, by virtue of Article 5 of the Atlantic Pact” – explains Paganini – “but a cyber offensive is more difficult to attribute and can be used as a skirmish”.
According to Paganini, the attacks of January 11 and 12 are disruptive actions with demonstrative purposes. They do not require large economic resources and, from a technical point of view, “we have all the means necessary to neutralize them”. These attacks cannot be compared with large espionage missions attributable to military units, which use much more sophisticated malware.
Despite this, the galaxy of pro-Kremlin hackers continues to expand, with increasing cooperation between groups. Noname057(16) has long been in alliance with other organizations such as Killnet and XakNet, responsible for attacks on several European countries.
A recent development is the activity of networks that originate from geopolitical contexts far from the pro-Russian collectives but have begun to collaborate with them out of convenience and common interests. One of these is Alixsec, a pro-Palestinian hacker group that on January 11 and 12 hit companies such as Olidata, Skillbill and Zucchetti.
These interventions are intended to confuse, create noise and denigrate the countries affected. In a message released after the attack on websites, Noname057(16) invited Italy to “help itself” before Ukraine and to “worry about its own cybersecurity”.
The other dimension of hybrid warfare is disinformation, often carried out through well-planned and financed campaigns, such as Operation Doppelgänger. The latter was discovered in 2022 by the NGO EU DisinfoLab, which identified numerous fake articles passed off as productions of major German newspapers. A subsequent investigation by the French government revealed direct links to Russian state bodies.
Whether they are linked to the Kremlin or not, independent hacker networks and disinformation campaigns share the same goal: to disorient, discredit and destabilize countries that do not align themselves with the positions of the Moscow government.
In addition to Russia, Paganini cites other countries that are among those chiefly responsible for cyber incursions against the West: “As far as espionage is concerned, the most aggressive is China. North Korea has carried out attacks against financial institutions to support its army. Finally, Iran is a very active player especially in the Middle East with sabotage operations.”
To prevent this type of hybrid offensive, concludes Paganini, Cyber Threat Intelligence, a constant monitoring and information-sharing activity, is essential. “Italy has equipped itself with the creation of a cyber threat response center, we must continue to work in this direction by collaborating also at an international level and with private individuals”.
By Massimo De Laurentiis