Italy’s Critical Infrastructure Under Siege by Unprecedented Cyberattacks in 2025
Italy faced a sharp rise in cyber threats during 2025, with critical infrastructure and essential services under sustained attack. Authorities recorded thousands of incidents, many linked to organised groups or state-backed actors. The scale of the problem has prompted stronger responses from law enforcement and cybersecurity agencies.
Over the year, Italy’s Postal and Cybersecurity Police documented 9,250 cyberattacks. Among these, 942 targeted critical infrastructure, essential service providers, and local authorities. Of those, 535 were classified as particularly severe, highlighting the growing risk to vital systems.
The National Cybercrime Center for Critical Infrastructure Protection (CNAIPIC) issued more than 49,000 alerts in 2025. Private companies and organisations reported 275 serious breaches, while supply chains and smaller enterprises remained vulnerable entry points. Attackers frequently used social engineering, custom malware, zero-day exploits, and multi-stage assaults to bypass defences.
Distributed Denial of Service (DDoS) attacks became more powerful and strategically timed. Many incidents were traced to structured groups, including Advanced Persistent Threats (APTs), though attribution remained difficult. Advanced obfuscation, anonymisation, and false-flag tactics made it hard to identify those responsible.
The healthcare sector emerged as a prime target due to the high value of its data and the severe consequences of breaches. Authorities identified and charged 169 individuals while handling 47 international cooperation requests. Despite these efforts, publicly available reports up to early 2026 do not attribute the 942 attacks to a single group. Instead, they suggest a mix of financially motivated criminals, ransomware gangs, hacktivists, and possibly state-sponsored actors.
The surge in cyber incidents has exposed weaknesses in Italy’s digital defences, particularly among smaller suppliers and critical sectors. With thousands of alerts issued and hundreds of severe breaches recorded, the focus now shifts to strengthening protections and improving coordination. Law enforcement continues to track and disrupt cybercriminal networks, but the evolving nature of threats demands ongoing vigilance.
