A group of Pro-Russian hackers known as “Killnet” launched an attack against multiple websites of several Italian institutions, including the senate, the National Institute of Health, and the Automobile Club d’Italia (ACI), the national drivers’ association. The wave of attacks hit Italy, while the Prime Minister Mario Draghi is on an official visit to Washington. The website of the defence ministry was also unreachable, but the officials said that the unavailability was “due to long-planned maintenance activities ongoing on the website”. The Killnet group announced its support to Russia and launched attacks against western taretes, including Romanian govt sistes and the Bradley Airport in the US.
The impact was limited, the websites were unreachable for a short period of time. Italian authorities confirmed that the attacks has not caused data breach or other damages.
The Italian police is investigating the attack, while the National Computer Security Incident Response Team (CSIRT) confirmed that the websites were hit with DDoS attacks. The Pro-Russian hacktivists launched a Slow POST DDoS attack, the CSIRT warns that this kind of attack is unusual and for this reason it could be undetected.
Killnet published a message on its Telegram channel, threatening further attacks may:
“Dear media of Italy and Spain. killnet does not actually attack your countries like it did in Romania. If this were to happen, then April 29, 1945, the day of your surrender, would be repeated very quickly. Our Legion conducts military cyber exercises in your countries in order to improve their skills. Everything happens similarly to your actions – the Italians and the Spaniards are going to learn how to kill people in Ukraine. Our Legion is learning to kill your servers! You must understand that this is training. Don’t make too much noise, I’m sick of the amount of news about attacks on the Senate. I give you my word of honor that our cyber army will soon finish training in your territory, and we will go on the offensive. It will happen suddenly and very quickly.”
The list of the targeted websites was shared on the Telegram channel of the Pro-Russian hacker collective known as The Legion which focuses on attacks against Western organizations and governments, including NATO countries and the Ukraine. The Legion also launched an attack against the ongoing Eurovision Song Contest which is taking place in Turin, Italy, this year.
At this time, it is not clear which is the exact relationship between the Legion and Killnet group.
Since the beginning of Russia’s invasion of Ukraine, the Italian Cybersecurity agency, ACN, has raised alert levels due to the possible spillover of the cyber disputed between the two countries.
Recently other major attacks hit Italian infrastructure, including hospitals and the Italian state-owned railway company Ferrovie dello Stato Italiane (FS).
Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
(SecurityAffairs – hacking, Killnet)