IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Russian Killnet cyber attacks begin on Italian-linked businesses

Italy's cyber security authority issued a warning to all public and private sector organisations with links to the country to prepare for an increased number of cyber attacks from the pro-Russian hackers

An alert has been issued by Italy’s Computer Security Incident Response Team (CSIRT) warning public and private sector organisations of a heightened risk of cyber attacks from pro-Russian hackers.

National public entities like governmental departments, Italian utility companies, and any public sector organisation with a brand image tied to the country of Italy are thought to be at risk, CSIRT Italy said.

The security authority did not specify the identity of the hackers of particular concern, but linked cyber attacks that took place between 11-21 May 2022 against Italian organisations to the hackers in question.

The information provided would suggest that the hackers believed to be targeting the country are the pro-Russian Killnet group.

CSIRT Italy prevented a Killnet-linked cyber attack on the voting system of the Eurovision Song Contest earlier this month. The stifled attack was believed to be an attempt to stop Ukraine from winning the competition.

Following the cyber attack against the Eurovision Song Contest, Killnet ‘declared war’ on 10 countries, including Italy, and denied that it had any involvement in the failed voting system attack.

This announcement prompted the Five Eyes intelligence alliance to issue an alert warning organisations of the eight most dangerous hacking groups that have pledged allegiance to Russia, with Killnet making the list.

The vigilante hacktivist group Anonymous, which has committed to fighting Russia in cyber space following its invasion of Ukraine, said soon after that it too was at war with Killnet.

The pro-Russian hacking group has since made various public posts about Anonymous, claiming that there is both a real and ‘fake’ Anonymous, the latter being the group targeting it.

CSIRT Italy issued its alert on Sunday, the same day an interview with Killnet was published by Italian news outlet Matrice Digitale, in which the hackers said the ‘war’ against Italy would begin at 5am on Monday.

“I want to clarify that the Italian Anonymous are nothing even for the original Anonymous to whom I send a message: our war will start on Italian territory at 05:00,” Killnet told the Italian news site - translated electronically.

“I am sending my message to all corners of the world. May the real Anonymous restore its greatness. Together we will stop the Nazis, the false government, and the weapons of the world. I declare Italy a place of war with the fake Anonymous.”

On Monday, Killnet posted to its Telegram group suggesting that CSIRT Italy had already stopped numerous attacks made by the hacking group, offering praise for its defensive capabilities.

The group claimed that thousands of other Italian and Italian-linked websites are currently down but did not publish a list “because people have to see everything for themselves”.

The group is known for making false claims about supposed successes. Most recently, it claimed to have acquired a genuine copy of NATO secretary general Jens Stoltenberg’s passport, a claim IT Pro verified with NATO to be false.

Italy’s postal service Poste Italiane appeared to be suffering IT issues on Monday but told la Repubblica that the disruption was due to IT issues unrelated to any Killnet-linked cyber attacks.

The Italian Foreign Ministry and the Ministry of Defense also appeared to be offline as of Monday and at the time of writing both sites were still unreachable. There are also reports of Telecom Italia Mobile (TIM) experiencing disruption, according to Downdetector.

CSIRT Italy has issued guidance to all organisations that think they may be at risk of potential cyber attacks from Killnet.

These included a list of the most-exploited security vulnerabilities by pro-Russian hackers and mitigation strategies for distributed denial of service (DDoS) attacks. 

At-risk organisations have also been advised to maintain constant monitoring of all IT infrastructure, to log any anomalies, and promptly alert CSIRT Italy of any potential attacks.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download


What is cyber warfare?

What is cyber warfare?

20 May 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Samsung proposes 11 Texas semiconductor plants worth $191 billion

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
Should you take your password manager off the internet?

Should you take your password manager off the internet?

28 Jul 2022