In the early hours of 28 December 2024, as passengers bustled through the terminals of Milan’s Malpensa and Linate airports, an invisible battle raged in cyberspace. The pro-Russian hacker group NoName057(16) launched a coordinated cyberattack on Italy’s critical infrastructure, briefly crippling public-facing websites of the airports and other institutions. It was an act that exposed vulnerabilities while underscoring the growing sophistication of state-aligned cyber threats.
The attack, which began at approximately 8:20 AM, was announced with grim fanfare on the group’s Telegram channel, a favourite communication platform for hacktivist collectives. NoName057(16) described the breach as a “deserved cyber response” to what they termed “Russophobic actions” by Italy, a country vocally supportive of Ukraine in the ongoing war.
A Pattern of Provocation
This latest attack is part of an alarming trend in which pro-Russian groups target European countries aligned against Moscow. Italy, with its strong support for Ukrainian sovereignty, has found itself a repeated victim. The incident raises urgent questions about the resilience of public infrastructure in the face of increasingly brazen and politically motivated cyberattacks.
According to Italy’s National Cybersecurity Agency (ACN), the assault was a distributed denial-of-service (DDoS) attack, a method designed to overwhelm servers by flooding them with traffic. While such attacks are typically seen as disruptive rather than destructive, they are often preludes to more sophisticated campaigns.
Crippled Connections but Unbroken Systems
The websites of Malpensa and Linate airports, key transportation hubs for millions of passengers annually, were rendered inaccessible for nearly two hours. Alongside these, other sites, including those of Autolinee Torino, Autolinee Siena, and even the Italian Foreign Ministry, were targeted. Despite the apparent chaos, flight operations, passenger safety, and airport functionality remained unaffected.
ACN’s swift intervention limited the attack’s impact. Working closely with the airports’ IT teams and the National Cybercrime Centre for the Protection of Critical Infrastructures, the agency ensured the attacks were mitigated swiftly. “We anticipated such attempts and had robust measures in place,” an ACN spokesperson said. Mobile applications, which many passengers use for flight updates, remained operational throughout the ordeal.
The Hacktivist Machine: NoName057(16) and Its Modus Operandi
Emerging in March 2022, NoName057(16) has become one of the most prolific pro-Russian cyber groups. Their weapon of choice, the DDosia platform, exemplifies the industrialisation of cybercrime. Unlike traditional hackers, the group uses DDosia to crowdsource attacks, recruiting thousands of participants through Telegram. Members are rewarded in cryptocurrency for their efforts, turning cyber sabotage into a lucrative business.
Experts highlight the group’s military-like discipline. Targets are carefully selected, often symbolic of opposition to Russia’s geopolitical ambitions. In recent months, the group has struck institutions across Europe, including government websites and financial institutions in Finland, Poland, and Germany. This methodical approach, combined with financial incentives for participants, has made NoName057(16) one of the most effective hacktivist collectives operating today.
A History of Escalation
This is not the first time Italian infrastructure has been under siege. In May 2023, during Ukrainian President Volodymyr Zelensky’s visit to Rome, NoName057(16) launched a similar wave of attacks. Earlier breaches targeted banking systems, regional governments, and even educational institutions. Each incident has been a reminder of the persistent and evolving threat posed by state-aligned groups.
Strengthening Defences in a Digital Age
In response to this latest attack, Italy has accelerated plans to bolster its cybersecurity infrastructure. The Foreign Ministry has announced the establishment of a dedicated cybersecurity and artificial intelligence department. Measures include enhanced network monitoring, adoption of advanced threat detection tools, and the separation of public-facing systems from operationally critical networks.
At the European level, Italy has called for deeper collaboration on cybersecurity, urging member states to strengthen the framework provided by the Network and Information Security Directive (NIS2). Coordinated international responses are also being explored, with Italy sharing intelligence with partners including the US Cybersecurity and Infrastructure Security Agency (CISA).
What’s Next?
While the immediate impact of the attacks was contained, the implications are profound. Cybersecurity experts warn that the use of platforms like DDosia marks a dangerous shift, where the lines between nation-state actors and criminal enterprises blur. As technology advances, so too does the complexity of these threats, leaving critical infrastructure perpetually at risk.
For passengers at Malpensa and Linate, the disruption may have been little more than a temporary inconvenience. But for Italy — and indeed the world — the incident underscores the urgency of fortifying digital defences against an enemy that thrives in the shadows.
As one cybersecurity analyst noted, “The next battlefield is not one of land or air, but of data and systems. And it’s already here.”