Cyberattacks against pro-Ukraine nations intensified this week. Days after Killnet published claims to have hacked the FBI database, pro-Russian threat group Noname05716 has targeted the Italian military.
“Decided to punish Italy’s military e-learning system – made a real website fall”, read a post in a covert Telegram group, listing the websites they claimed to have hacked.
Ukraine war and Italy
The attackers claim to have accessed nine sub-domains of the Italian ministry of defense, including:
http://selene.Esercito.difesa.it/
http://e-learning.Esercito.difesa.it/
http://aulavirtuale2.elearning.Esercito.difesa.it/
http://aulavirtuale4.elearning.Esercito.difesa.it/
http://e-net.elearning.Esercito.difesa.it/
http://ei-cast2.elearning.Esercito.difesa.it/
http://pmfa.Esercito.difesa.it/
http://babele.Esercito.difesa.it/
The attacks came hot on the heels of Italian Prime Minister Giorgia Meloni’s statements in support for Ukraine, including further supply of weapons. A former admirer of Putin, the far-right leader is currently a strong advocate of NATO and has extended her full support towards Ukraine’s war effort. Her ideological far-right counterparts, such as France’s Marine Le Pen and Victor Orban of Hungary have linked their fortunes with Russia.
Cyber-attacks on Italy spiked since March 2022, following the Russian invasion of Ukraine and the Italian stand against the attack, The Cyber Express reported earlier.
Killnet and the FBI
The attack closely follows another by pro-Russian threat group Killnet, which claimed to have obtained the personal information of over 10,000 US federal officials.
In a message posted on Russian Telegram channels, the hackers claimed to have access to all passwords from online retailers to accounts for Google, Apple, and mass acceptance cards. Screenshots posted on Telegram seem to boast about having access to passwords for online retailers, ID cards for medical purposes, and accounts for Google, Apple, and Instagram.
The FBI is yet to acknowledge the attack. “If legitimate, it would be the boldest attack from Killnet and also suggest capability upgrades,” tweeted cybersecurity industry watcher CyberKnow.
According to the CyberKnow database, there are currently 40 active pro-Russian cyber threat groups, countered by 36 pro-Ukraine ones.
Mode of operation
According to cybersecurity company Avast, NoName057 has been consistently targeting Ukrainian assets since June 2022, when Ukrainian news servers and progressed to local governments, utility companies, armament manufacturers, transportation companies, and postal offices.
“The group reacts to evolving political situations, targeting pro-Ukrainian companies and institutions in Ukraine and neighboring countries, like Estonia, Lithuania, Norway, and Poland,” read the Avast threat report.
According to Avast’s research, the group has a 40% success rate, and companies with well-protected infrastructure can withstand their attack attempts. The research also found that 20% of the successes claimed by the group may not be their doing.
Meanwhile, Killnet has been predominantly hitting key US assets. The most recently one cybercrime group recently executed a DDoS attack on the systems of the parliament of Europe, shortly after it voted in favor of calling Russia a state sponsor of terrorism.
