A new chapter is added to the complex and articulated offensive by cybercriminals near Moscow against our country.
In the past few hours, in fact, a multiple attack by Russian hackers hit several Italian institutional sites. Showing, at the same time, an increase in the level of confrontation, and probably a certain weakness of our defensive system.
Let’s first find out what happened (as we write the picture is still evolving). Let’s then retrace the previous stages of the clash, to be honest, between the Russian hackers and Italy. And finally, let’s see what the position of our Cybersecurity Agency is.
The attack by Russian hackers on Italian institutional sites
Around 10 pm on Thursday 19 May, a massive and multiple attack by Russian hackers began on various Italian institutional sites. And while we are writing the article, around 9.30 on Friday 20, some of these portals are not yet reachable.
The sites affected are those of the Superior Council of the Judiciary, the Customs Agency and three ministries: that of Foreign Affairs, that of Education and that of Cultural Heritage.
The Postal Police, already working to defend the attacked sites, confirmed the action.
The claim
The now well-known Killnet group claimed responsibility for the attack on its Telegram channel. Which has now exceeded 57,000 subscribers.
With the usual direct language, the collective of very young hackers close to the Kremlin has drawn up a series of upcoming goalswhich includes about fifty important sites: of ministries, judicial bodies, guarantee authorities, media and various companies.
The hacker group Killnet wants, undoubtedly without too many words, to set “everyone on fire”. In order to “liquidate the entire Italian information structure”.
The DDoS attack
As with previous offensives, this multiple attack by Russian hackers was also of the DDoS type (acronym for Distributed denial of service). It is an action that, through a very high number of requests for access to a specific computer system in a short period, sends it into a tailspin. Slowing down a site or making it completely unreachable.
This type of offensive does not leave tangible damage, unlike for example ransomware (with which data is stolen and the rightful owner can be blackmailed). These are therefore demonstrative actions, which highlight the weakness of the defensive systems of those who have suffered the attack, and which show the muscles of the offender.
Previous attacks
It all started on Wednesday 11 May. When a Russian hacker attack targeted the Senate and Defense sites. But also those of the Istituto Superiore di Sanità, the Automobile Club of Italy, the Kompass portal, the Institute of Advanced Studies of Lucca and Infomedix.
A few days later, on May 15, the State Police published a tweet. In which he proudly declared that he had repelled several Russian hacker attacks, carried out during the semifinal and final of the Eurovision Song Contest.
But here it is Killnet, declaring himself unrelated to the alleged offensives cited by our Police, went on to attack again. With an action that this time, on Monday 16 May, put the Italian Police site into havoc.
The method is always that of DDoS, more demonstrative than really harmful.
The Killnet Group
The claims of all these cybercriminal actions are from the Killnet group, made up of 20-year-old hackers who report to the Legion collective. Close to Moscow, the Killnet group attacks countries that prove to be pro-Ukrainian or otherwise opposed to the Russian invasion. Among their most sensational actions, those against the portals of the Ministry of Defense and Railways of Romania. Or the one against a number of British hospitals.
The position of the National Cybersecurity Agency
On Tuesday 17 May, Roberto Baldoni, the director of the National Cybersecurity Agency, spoke about the first Russian hacker attacks on Italy.
Baldoni had spoken of “complicated attacks to which it is difficult to react, what we can obviously do is improve the defenses”.
Referring then to the offensives during the two days of Eurovision, the director of the agency had somehow given responsibility to the web voting mechanism. “Bringing the voting system to the internet, there are all the complications we have seen in recent days. We have an attack surface that expands dramatically, with the possibility of Dos and Tidos attacks.
Within a voting operation we could be subjected to this type of attack, and this means slowing down voting and scrutiny operations and all those that are an essential element of democracy ”.
These are answers that reveal more than a few difficulties. And they do not seem the mirror of an organization capable, at least for the moment, of stifling any future offensives.