Italy’s Computer Security Incident Response Team (CSIRT) has issued an urgent alert to raise awareness about the high risk of cyberattacks against national entities on Monday.
The type of cyberattack the Italian organization refers to is DDoS (distributed denial-of-service), which may not be catastrophic but can still cause damage, financial or otherwise, due to service outages and disruptions.
“There continue to be signs and threats of possible imminent attacks against, in particular, national public entities, private entities providing a public utility service or private entities whose image is identified with the country of Italy,” explains the public alert.
The signs are posts from the Killnet group’s Telegram channel that incited to ‘massive and unprecedented’ attacks against Italy.
Killnet is a pro-Russian hacktivist group that attacked Italy two weeks ago, using an old but still effective DDoS method known as ‘Slow HTTP’.
As such, the defensive actions proposed by CSIRT this time are associated with this type of attack but also include various generic pieces of advice on good security practices.
Operation Panopticon
Killnet announced “Operation Panopticon” last Tuesday, calling for 3,000 “cyber fighters” to volunteer in 72 hours. The group repeated the call to action several times last week.
The relevant sign-up form asks the volunteers about their system, origin, age, and Telegram account and provides the required tools to launch resource-depletion attacks.
While DDoS seems to be the primary goal, it could be that Killnet plans to use DDoS to force defenders to deal with service disruptions instead of remediating active cyberattacks.
Today, Killnet gave an etymological explanation of the word Panopticon, giving data leak innuendos and warning that 90% of the country’s officials ‘will go crazy’.
Using machine translation, the text above reads:
Hacker feud
Killnet targeting Italian organizations is the result of the group recent targeting of entities in several countries, Italy among them, for supporting Ukraine’s resistance against Russia.
This sparked action from Anonymous Italy, who started hitting Killnet and doxing some of its members by publishing photos on social media. As a result, Killnet struck back
At the moment of writing, the website of CSIRT Italy was intermittently unavailable, but no lengthy connectivity issues were noticed.
There have also been reports about Poste Italiane, Italy’s national postal service provider suffering a multi-hour outage this morning.
However, the agency has told la Repubblica that this outage wasn’t caused by Killnet attacks but due to a software upgrade that didn’t go as planned.
Other local media reports that follow the status of Italian sites closely report that the online portals of the State Police and the Italian Ministries of Foreign Affairs and Defense also appear irresponsive today.
BleepingComputer can confirm that the sites of the two ministries appear to have been impacted by a DDoS attack at the time of writing.