Italian police block pro-Russia attacks during Eurovision

The authorities foiled cyberattacks pro-Russian groups Killnet and Legion during the 2022 Eurovision Song Contest in Turin last week.

The Italian police's cybersecurity department blocked several attacks by Killnet during the voting and the performances of Eurovision 2022's semifinals (10th and 12th May) and final (14th May).

Italian authorities monitored hacking groups' Telegram chats in order to trace their whereabouts - just one of the activities taking place in a 24-hour monitoring room the police had set up to handle cyberattacks during the event.

Killnet had threatened to send 10 billion requests to Eurovision's online voting system in an attempt to crash it, and to disrupt the process by adding false votes to some countries.

In the event, that turned out to be empty talk and Ukraine swept to victory on the back of support from both judges and the public.

Russia was barred from participating in Eurovision this year following the Kremlin-ordered invasion of Ukraine, a move organisers claimed was intended to keep politics out of a competition that promotes diversity and friendship among nations.

Many Western nations have raised their alert levels in anticipation of possible cyberattacks on their IT systems and infrastructure since Russia's invasion.

On the 11th May, just days before the event's final, Killnet claimed responsibility for an attack on the websites of many Italian institutions, including the Senate and the National Health Institute.

The Automobile Club d'Italia and several other Italian organisations were also hit by the attack.

Italian authorities described the attacks as "serious incidents." Senate president, Maria Elisabetta Alberti Casellati, said there was no long-term damage to parliament's websites.

"No damage from the attack, which involved the external network of the Senate. Thanks to the technicians for the immediate intervention. These are serious episodes, which should not be underestimated. We will continue to keep our guard up," she said on Twitter.

Killnet also launched distributed denial-of-service (DDoS) assaults against Romanian government websites in April, including the Ministry of Defence, national railway company and border police.

A DDoS attack seeks to exhaust a server's resources, rendering it unable to respond to genuine user requests.

According to Killnet, it launched the strike because Romania backed Ukraine in the conflict.

Killnet specialises in DDoS attacks and has previously targeted sites associated with the US, Poland, Estonia, the Czech Republic and other NATO allies.

Members of Killnet said on Telegram that their attack on Italy was not as harsh as their attack on Romania.

"Our Legion conducts military cyber exercises in your countries in order to improve their skills. Everything happens similarly to your actions - the Italians and the Spaniards are going to learn how to kill people in Ukraine," an alleged member of the group said.

"You must understand that this is training. Don't make too much noise, I'm sick of the amount of news about attacks on the Senate. I give you my word of honor that our cyber army will soon finish training in your territory, and we will go on the offensive. It will happen suddenly and very quickly."

Microsoft vice president Tom Burt said last month that the company's cybersecurity experts believe cyberattacks will continue to grow and widen as the war between Russia and Ukraine continues.

Join us at the CyberSecurity Festival 2022, taking place across 3 days in June, where we will come together to learn, collaborate and tackle the biggest technology security challenges. Find out more and register for free.