Over two days, two waves of cyber attacks targeted Italian institutional websites and those of Italian banks, companies and ports. It is not the first time this has happened, it must be said, and one always hopes it will be the last, given that countermeasures exist.
ACN immediately notified the targets and reiterated the mitigation measures. The websites of the ministries used geofencing as a mitigation strategy, which makes a website reachable only from certain geographic areas.
The attacks were mainly conducted by a pro-Russian hacker collective called NoName057(16), which began its activities in 2022, coinciding with the escalation of the conflict between Russia and Ukraine.
The group quickly established itself as a major cyber threat actor linked to Russian propaganda, primarily focusing on distributed denial of service (DDoS) attacks against political, government, and corporate targets in countries that support Ukraine. Their initial attacks focused on Ukrainian government institutions and critical infrastructure websites, such as hospitals, media, and utilities. Over time, the group expanded its activity to Western countries, particularly members of NATO and the European Union.
The attack, which caused some temporary slowdowns in access and online services, started this time at 7-7.15, whereas the other attacks started at 8-8.30. It involved, among others, the websites of the Ministries of Foreign Affairs and Infrastructure, Consob, the Carabinieri, the Navy and the Air Force. Municipal public transport companies such as Atac in Rome, Amat in Palermo and Amt in Genoa were also hit. The script was repeated the next day, affecting the websites of banks (such as Intesa and Monte Paschi), ports (Taranto, Trieste) and companies (Vulcanair). The reason for this operation is simple: the visit to our country of the Ukrainian President Volodymyr Zelensky, with a consequent increase in pro-Ukraine statements in the national media.
The hackers' goal: to subvert the national narrative on the Ukrainian issue.
The analysis of hacker activities and their connection with propaganda warfare reveals a close interdependence between digital offensive actions and information control. In the case of groups such as NoName057(16) and the like, strategy and tactics follow a well-defined approach, designed to maximize psychological, political and economic impact.
The general strategy combines cyber offensives and psychological warfare with long-term objectives, the first being to destabilize. The tactical objectives consist of paralyzing critical infrastructure in order to cause discomfort and panic among citizens, trying to undermine trust in governments and institutions, and finally acting at a cognitive level through propaganda.
Propaganda and the manipulation of public opinion in the digital age are extraordinarily powerful tools, made even more effective by the strategic use of psychology. It's no longer just about conveying a message: it's about infiltrating the collective mind, exploiting cognitive vulnerabilities to create divisions, instill doubts and direct behaviors.
Let's think of an average citizen who scrolls through his social feed. Every post, every headline, every comment is a drop falling into an ocean of information, but not all drops have the same weight. Well-designed propaganda plays on fundamental emotions such as fear, anger, and a sense of belonging.
These emotions are like psychological buttons ready to be pressed: fear immobilizes and distorts the perception of reality; anger makes us reactive and less rational; the sense of belonging consolidates trust in a group, often contrasting it with an external “enemy”.
One of the most used mechanisms is the creation of an "us against them" narrative, a technique now widely used in political communication as well. The hacker group, for example, does not limit itself to launching an attack: it also tells the story of it. It does so through channels such as Telegram, with triumphal messages that paint the target as the common enemy. The result is twofold: to galvanize their supporters and to instill fear or confusion in their targets. Public opinion becomes divided into factions, triggering a cycle of polarization that makes rational debate difficult.
But the manipulation doesn't stop there. The principle of repetition comes into play: a lie, repeated enough times, becomes indistinguishable from the truth for many people. Social media, with its algorithms, amplifies this effect. A false but emotionally charged news story can travel faster than a denial. Hackers, or whoever is behind the propaganda, know this well and use sensational headlines, manipulated images and artfully edited videos to plant the seed of doubt.
Another fascinating aspect is the illusory sense of control that propaganda can provide. Part of its power is that it gives users the sense that they are participating in something bigger, that they have a role in the digital battle. A supporter might be drawn into joining a DDoS attack not so much by technical expertise, but by a desire to “do their part.” This exploits the human need for meaning and purpose.
Then there is the question of strategic disinformation. The goal is not always to make people believe in a falsehood. Sometimes, simply muddying the waters is enough. If people no longer know what to believe, they stop believing anything, and this loss of collective trust becomes fertile ground for further manipulation. It's like sabotaging the fabric of shared reality.
Propaganda, then, is not just about immediate victory. It is a long game, which undermines the foundations of social trust, disorients communities, and ultimately weakens the very structures that hold a society together. If one is not aware of its workings, it can operate undisturbed, pushing people to fight battles they never really chose.
So these attacks are not a matter of hackers taking down servers, but of a psychological battle that enters homes, minds and hearts, transforming the digital space into the most intimate and dangerous battlefield of our times.
Analyzing the actions of this group and others, we realize that the attack does not aim at the actual compromise of the servers and the data they contain, as happens, for example, with gangs acting for economic, extortion or robbery purposes. Instead, the attack is "limited" to making a system or service inaccessible by targeting the physical limits of the service itself: the aim is to overload it with significant volumes of traffic against which the attacked system has not taken countermeasures, with a view to carrying out subsequent psychological warfare campaigns.