Italy under hacker attack: Killnet from threats to facts, the defense holds up

Killnet had promised: we will attack Italy, and the consequences will be irreversible. The hacker attack did come, but after a long battle it was repelled. Once again the group, which responds directly to the Kremlin, is targeting our country, accused of having sided with Ukraine by supporting it in the war against Russia with weapons and political support. It had already happened a few days ago, and it will happen again.

Let’s reconstruct the facts: on Telegram the hacker group Killnet announces the attack, and the CSIRT (Computer Security Incident Response Team of the Italian Government) raises the alarm, alerting public and private institutions, which are advised to strengthen their IT security defenses. The CSIRT, in particular, writes:

There continue to be signs and threats of possible imminent attacks against, in particular, national public entities, private entities providing a public utility service or private entities whose image is identified with the country of Italy.

DDoS attacks are expected, and the first worries arise when the post office site goes offline for a few minutes yesterday. The post office itself will later state that Russia had nothing to do with the incident: the cause was a small technical problem, solved in a short time.

The actual attack occurs later, and directly affects the CSIRT for over 10 consecutive hours in three distinct phases:

  • the first, characterized by a high frequency of packets attributable to TCP SYN, UDP and TCP SYN/ACK Amplification attacks (state exhaustion attacks), simultaneously with volumetric attacks carried out through DNS Amplification and IP Fragmentation;
  • a second, of similar intensity to the first, which started with an IP Fragmentation attack and was then shifted by the attacker back to the previous types, albeit without DNS Amplification;
  • a last one, longer in duration but with a lower frequency, in which volumetric and state exhaustion attacks nevertheless alternated.
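
As an added illustration (not code from the CSIRT or from the original article), the Python below tags constructed flow records with the vectors named in the three phases and reports which ones are active in a time window, so the drop of DNS amplification between phase one and phase two becomes visible. The record fields, the 512-byte size limit, the `min_count` threshold and the sample addresses are assumptions.

```python
from collections import Counter

SYN, ACK = 0x02, 0x10
# Grouping follows the phases listed above: state exhaustion vs volumetric.
FAMILY = {"tcp_syn": "state_exhaustion", "udp": "state_exhaustion",
          "tcp_synack_amplification": "state_exhaustion",
          "dns_amplification": "volumetric", "ip_fragmentation": "volumetric"}

def classify(flow, outbound_syns):
    """Map one inbound flow record to the vector it resembles, or None."""
    if flow["frag"]:                       # MF bit set or non-zero offset
        return "ip_fragmentation"
    if flow["proto"] == "udp":
        # Oversized answers arriving from port 53 (size limit is an assumption)
        if flow["sport"] == 53 and flow["bytes"] > 512:
            return "dns_amplification"
        return "udp"
    if flow["proto"] == "tcp":
        flags = flow["flags"] & (SYN | ACK)
        if flags == SYN:
            return "tcp_syn"
        # SYN/ACK answering a SYN this host never sent: reflected traffic
        if flags == (SYN | ACK) and (flow["src"], flow["sport"]) not in outbound_syns:
            return "tcp_synack_amplification"
    return None

def active_vectors(window, outbound_syns, min_count=3):
    """Vectors seen at least min_count times in a window, with their family."""
    counts = Counter(filter(None, (classify(f, outbound_syns) for f in window)))
    return {v: FAMILY[v] for v, n in counts.items() if n >= min_count}

def rep(n, **fields):
    """Build n identical constructed records (documentation address ranges)."""
    base = {"proto": "tcp", "src": "198.51.100.7", "sport": 40000,
            "flags": 0, "bytes": 60, "frag": False}
    return [{**base, **fields} for _ in range(n)]

OUTBOUND = {("203.0.113.10", 443)}         # connections the host itself opened
LEGIT = rep(1, src="203.0.113.10", sport=443, flags=SYN | ACK)
COMMON = (rep(4, flags=SYN) + rep(4, proto="udp", sport=40001)
          + rep(4, sport=443, flags=SYN | ACK) + rep(4, proto="udp", frag=True))
PHASE1 = COMMON + rep(4, proto="udp", sport=53, bytes=3000) + LEGIT
PHASE2 = COMMON + LEGIT                    # same mix, DNS amplification gone

if __name__ == "__main__":
    for name, window in (("phase 1", PHASE1), ("phase 2", PHASE2)):
        print(name, sorted(active_vectors(window, OUTBOUND)))
```
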

The CSIRT believes it was more of a demonstrative attack than a destructive one, but the consequences could have been equally disastrous. The attackers directly targeted the team that deals with the country’s cybersecurity, going straight to the source to create panic and inconvenience. The skills of the CSIRT experts were so high that they completely repelled the attack, even though it had been perfectly orchestrated by the collective: it was conducted from 80 different countries at the same time to make the defense strategy more difficult. The hacked computers exploited by Killnet were used to direct traffic at the Italian site with very high peaks, up to 40Gbps.

The attacks were mitigated by Anti-DDoS systems to protect the portal, without affecting the availability of the website for legitimate users,

reads the CSIRT website. It was one of the largest attacks ever recorded in Italy.

Hence even Killnet’s praise (sarcastic?) for Italy, which proved capable of responding strongly to the attack. A few hours later, however, a completely different message was published on the official Telegram channel:

The easiest prey is Italy, it’s easier for us to manipulate your mood than with Romania. How much money did you spend on protection while you waited for May 30 at 5am (the time the hackers originally made an appointment, ed)? Poor Italians, how do you live under such pressure of lies?

This is followed by a list of the new targets: they are all Italian banks and credit institutions, including Credem, BNL, Mediobanca, Bank of Italy and Unicredit. The members of Killnet seem to know the Italian institutions very well, and apparently this would be due to the presence of several of our fellow citizens within the collective.