Full Report
The pro-Russia hacker group NoName057(16) has targeted Italian banks, airports and ports in a series of DDoS attacks
Analysis Summary
# Threat Actor: NoName057(16)
## Attribution & Identity
- **Identification/Attribution:** Pro-Russia hacktivist group.
- **Known Aliases and Associated Groups:** None named in the article. The attacks are reported alongside warnings issued by the Russian Foreign Ministry over the Italian President's remarks.
## Activity Summary
The group launched a recent wave of distributed denial-of-service (DDoS) attacks targeting key Italian organizations following comments made by Italian President Sergio Mattarella comparing Russia’s actions in Ukraine to the Third Reich.
Historical activities primarily involve targeting nations that support Ukraine, with attacks escalating during periods of heightened geopolitical tension.
## Tactics, Techniques & Procedures
- **Distributed Denial-of-Service (DDoS) attacks:** The group's primary tactic: flooding target websites with junk traffic from many sources so that legitimate users cannot reach them. The article describes the recent attacks as minor and quickly mitigated.
- **MITRE ATT&CK mapping:** The article cites no ATT&CK IDs; the activity described corresponds to T1498 (Network Denial of Service).
## Targeting
- **Sectors:** Banking, Transportation/Logistics, Government/Critical Infrastructure.
- **Geography:** Italy.
- **Victims:** Websites of the Milan airports (Linate and Malpensa), the Transport Authority, the bank Intesa Sanpaolo, and the ports of Taranto and Trieste. Previous targets included Italian ministries, critical infrastructure, and Italian Prime Minister Giorgia Meloni's official website.
## Tools & Infrastructure
- **Malware families used:** None reported; the activity described is volumetric DDoS rather than malware deployment.
- **Infrastructure (C2, domains, IPs):** The group announces its motives and threats on a Telegram channel. The article provides no C2 domains or IP addresses.
## Implications
NoName057(16) is a clear example of hacktivism in support of Russian geopolitical interests, reacting directly to statements by foreign leaders. Although the recent attacks were minor and mitigated quickly by the Italian authorities, the group's pattern of activity spikes tied to international political events makes it a persistent nuisance threat to countries that support Ukraine.
## Mitigations
- Expect renewed activity whenever geopolitical tensions with Russia flare, in particular after public statements by national leaders.
- Have defenses in place ahead of time that can absorb volumetric DDoS traffic (upstream scrubbing, rate limiting, CDN or WAF fronting of public sites); the Italian National Cybersecurity Agency (ACN) reported that its existing tools and protocols mitigated these attacks quickly.
- Monitor public-facing services for traffic anomalies and rehearse rapid restoration so that any outage stays short.
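One way to implement the detection step, as an added example that is not part of the original article or of any ACN tooling: a Python script that parses Apache/nginx combined-format access-log lines and applies two sliding-window checks, a per-source request limit that catches a single noisy client and an aggregate limit that catches a distributed flood whose individual bots each stay under the per-source threshold. The log format, the thresholds (50 requests per source and 500 in total per 10 seconds) and the sample traffic are all assumptions made for the example; the log lines are constructed, not captured.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format (assumed), e.g.
# 203.0.113.7 - - [10/Jun/2025:12:01:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format line into (ip, timestamp, request); None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")


def detect_flood(lines, window=10, per_ip_limit=50):
    """Sliding-window request-rate check over access-log lines.

    Returns (noisy_ips, peak_total):
      noisy_ips  - sources that sent more than per_ip_limit requests
                   within any `window`-second span (single-source flood)
      peak_total - the largest number of requests from *all* sources inside
                   any `window`-second span; a distributed flood whose bots
                   each stay under per_ip_limit only shows up here
    """
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e[1])          # log lines may be out of order
    span = timedelta(seconds=window)
    per_ip = defaultdict(deque)
    overall = deque()
    noisy, peak_total = set(), 0
    for ip, ts, _ in events:
        q = per_ip[ip]
        q.append(ts)
        while ts - q[0] >= span:             # drop requests older than the window
            q.popleft()
        if len(q) > per_ip_limit:
            noisy.add(ip)
        overall.append(ts)
        while ts - overall[0] >= span:
            overall.popleft()
        peak_total = max(peak_total, len(overall))
    return noisy, peak_total


def sample_log():
    """Constructed sample traffic (not real data): normal browsing,
    one single-source flood and one distributed flood."""
    base = datetime(2025, 6, 10, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_s, path="/"):
        ts = (base + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

    lines = []
    # normal browsing: 20 clients, one request every 30 s for 5 minutes
    for i in range(20):
        for k in range(10):
            lines.append(line(f"198.51.100.{i + 1}", 30 * k, "/home"))
    # single-source flood: 10 requests per second for 6 seconds from t=60
    for k in range(60):
        lines.append(line("203.0.113.7", 60 + k // 10))
    # distributed flood: 120 sources, 5 requests each, all inside t=200..208
    for i in range(120):
        for k in range(5):
            lines.append(line(f"192.0.2.{i + 1}", 200 + 2 * k))
    return lines


if __name__ == "__main__":
    noisy, peak = detect_flood(sample_log(), window=10, per_ip_limit=50)
    print("single-source floods:", sorted(noisy))
    print("peak requests in a 10 s window:", peak)
    if peak > 500:
        print("aggregate threshold exceeded: likely distributed flood")
```

On the constructed data the per-source check flags only 203.0.113.7, while the 120 distributed sources (5 requests each) pass it and are visible only through the aggregate peak of 600 requests in a 10-second window. Access-log analysis of this kind only sees requests that reach the origin; a genuinely volumetric attack saturates the upstream link before the web server logs anything, so this check complements provider-side scrubbing rather than replacing it.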