Cyber-attacks at +53% in the first six months of 2025. Threat against PA, telecoms and energy explodes

In the first half of 2025, Italy witnessed a surge in cyber events and incidents, according to data just published by the National Cybersecurity Agency (NCA). In the January-June period, 1,549 cyber events were recorded, a 53% increase compared to the same six months of 2024. Of these, 346 were classified as confirmed impact incidents, almost twice as many (+98%) as in the previous year.

The detected increase is partly attributed to the increased detection capacity of the Csirt Italia (Computer Security Incident Response Team), thanks also to the enactment of Law No. 90 and Legislative Decree No. 138 of 2024. However, it is mainly Distributed Denial of Service (DDoS) campaigns, data exposure and phishing that have an impact.

Local and central public administration, together with the telecommunications sector, remain among the main targets of cyber attacks. In April, a wave of spearphishing targeted the Telco sector, while in March, a breach at a web service provider involved several local authorities. The central public sector suffered mainly DDoS attacks and phishing campaigns.

There were 91 ransomware attacks recorded in the six months, virtually stable compared to 92 in 2024. Among the hardest hit victims were universities, the health sector, the energy sector, and digital providers for the PA, with serious incidents disrupting operations and causing ripple effects in February.

DDoS attacks increased by 77 per cent from 336 in the first half of 2024 to 598 in 2025. The campaign conducted in June by pro-Russian actors was particularly intense: 13 days of attacks, 275 incidents directed against 124 targets. Although the impacts were mostly contained, CSIRT Italy played a crucial role in mitigating the disruptions.