Killnet cyber attacks against Italy and NATO countries

In May 2022, a series of cyberattacks targeted Italian institutional websites, including the Italian Senate and the Ministry of Defense, as well as sites in other countries, with pro-Russian hacker groups Killnet and Legion claiming responsibility. These attacks, using the Mirai malware to execute distributed denial-of-service (DDoS) attacks, marked the first claimed assault on Italy by pro-Russian cyber groups since the onset of the Ukraine conflict. Killnet and Legion have previously targeted nations opposed to Russia, leveraging a botnet primarily composed of foreign devices, with financial backing from enthusiasts rather than official authorities. The Sysdig Threat Research Team has been monitoring Mirai-based malware, noting a significant increase in activity coinciding with the conflict in Ukraine, and has developed detection rules using the Falco security tool to identify such malicious activities. The attacks highlight vulnerabilities in the network services of institutional servers, suggesting a need for improved cybersecurity measures and transparent communication to enhance awareness and prevent future incidents.