Cyber Threats in Italy – ACN Operational Summary, April 2025

Article Thumbnail
ACN | ransomware | cyber threats | CSIRT | Italy cyber report | DDoS | vulnerabilities | spear phishing

Cyber Threats in Italy – ACN Operational Summary, April 2025

May 22, 2025

The April 2025 Operational Summary from Italy's National Cybersecurity Agency (ACN) presents a clear picture of the evolving cyber threat landscape in Italy. Despite a drop in overall cyber events from the previous month, ransomware and DDoS attacks have surged significantly. With the NIS2 compliance deadline approaching, organizations must be particularly vigilant against these threats.

Key Figures – April 2025

  • 163 cyber events recorded (-82 vs March)
  • 260 confirmed victims (-531)
  • 426 potentially compromised assets (-819)
  • 24 ransomware attacks (+30% month-over-month)
  • Sharp decrease (~90%) in DDoS attacks and 80% in defacement incidents
  • 67 alerts published on the CSIRT Italia website
  • 4,299 new CVE vulnerabilities reported (+360 vs March)

Most Affected Sectors

  • Central Public Administration
  • Telecommunications (notably via spear phishing attacks)
  • Transport and logistics infrastructure

Key Technical Weaknesses

  • Improper email authentication system configurations (SPF, DKIM, DMARC)
  • Decline in hacktivist activity related to the Russia–Ukraine conflict

The CSIRT Italia sent 3,733 direct communications in April alone to warn organizations of risks or ongoing threats. As cyber risks continue to evolve, timely intelligence remains critical to maintaining national digital resilience. Organizations subject to NIS2 baseline security measures must implement robust protection against these threats. Our NIS2 compliance guide provides detailed recommendations for addressing these threats.

Read the full summary: Cyber Threats in Italy – ACN April 2025

Key highlights

  • Cyber Threats in Italy – ACN Operational Summary, April 2025 summarizes Aegister's event participation and key outcomes.
  • The publication date for this update is 2025-05-22.
  • The focus remains on international cybersecurity networking and service positioning.

FAQ

What event is covered in this recap?

This article covers Aegister's participation in an international cybersecurity event highlighted in the post.

Where could visitors meet Aegister during the event?

Visitors could meet the team at stand SP64 during the event days.

How can organizations follow up after the event?

Organizations can continue the conversation through Aegister's official channels and published insights.

Official sources

Operational implications after the event

Cyber Threats in Italy – ACN Operational Summary, April 2025 should be used as an operational follow-up reference, not only as an event recap. Organizations evaluating similar initiatives should map discussed themes to internal priorities, decision owners, and next action windows so the event output becomes execution input.

  • Extract practical control themes and assign review owners in GRC and security teams.
  • Translate high-level takeaways into measurable implementation tasks and deadlines.
  • Document stakeholder decisions and preserve evidence of why priorities were selected.
  • Use recurring checkpoints to validate that post-event actions remain aligned with risk objectives.

Publication reference date: 2025-05-22. Keep timeline communication consistent with absolute calendar dates.

Share this post