An Italian government official confirmed that the attack took place last spring and lasted for more than four months but did not infiltrate an encrypted system used for classified communications.
Paolo Gentiloni, the Italian prime minister who was serving as foreign minister at the time, was not affected by the hack, according to the official, who said Gentiloni avoided using email while he was foreign minister.
The foreign ministry’s “field offices”, including embassies and staff members who report back to Rome about meetings with foreign officials, were affected by the malware attack. But the government official said sensitive information had not been compromised because it would also have been encrypted.
The official did not confirm that Moscow was behind the attack. But two other people with knowledge of the attack said the Russian state was believed to have been behind it. The hacking is now the subject of an inquiry by the chief prosecutor in Rome.
“There were no attacks on the encrypted level. So the information – delicate, sensitive information – that is usually shared in this net, which is restricted by code, has never been attacked or part of this attack,” the government official said.
The person said that after the attack was discovered, the foreign ministry modified its online “architecture” and introduced new instruments to enhance internal security. The official declined to comment on how the intrusion was detected.
The revelation comes amid heightened concerns that Russia has targeted Nato members, including the US, France, Germany, the Netherlands and Bulgaria, as part of a cyber campaign that seeks to weaken the governments of those countries and disrupt critical infrastructure.
In the US, intelligence agencies have blamed Russian government-sponsored hacking groups for breaching the Democratic National Committee and officials in Hillary Clinton’s campaign during the 2016 presidential elections, in part to try to help Donald Trump win the White House.
People who discussed the matter with the Guardian on condition of anonymity said they believed the attack against the foreign ministry was an attempt to gain insight into decision-making within the Italian government.
If Russia did attack Italy, it was targeting a country generally considered less hostile to it than other EU countries such as Germany or the UK. While Italy has supported sanctions against Russia that were imposed following the annexation of Crimea, the government under former prime minister Matteo Renzi strongly opposed a proposal to levy new sanctions against Moscow for its role in the Syrian conflict.
News of the hacking could stoke concerns that Russia may seek to influence the next Italian election, which could be called as early as June. In an interview with the Guardian late last year, a foreign diplomat in Rome questioned whether the current centre-left government, which will face a tough re-election challenge, had prepared itself for possible interference by Russia.
The government’s main opposition, the anti-establishment Five Star Movement, has adopted pro-Russian positions on topics ranging from Vladimir Putin’s military intervention in Syria, to his invasion of Ukraine, to a call for Italy to lift sanctions against Russia and reassess its commitment to Nato.
A representative of the Russian government was quoted by Ansa, the Italian news agency, as saying the allegations were unproven.”There are no facts that prove this statement,” Maria Zakharova, a spokesperson for the Russian foreign ministry, said in a WhatsApp message in response to a question about the veracity of the hacking allegation.
Raffaele Marchetti, a political scientist and cybersecurity expert at LUISS University in Rome, said Italy had stepped up its attention to security recently and that he had been encouraged by the appointment of Marco Minniti as interior minister because of Minniti’s expertise on the cyber issue.
“But of course much more needs to be done and implemented,” Marchetti said.
Italy’s vulnerability to cyber-attacks was exposed earlier this year following the arrest of a brother-sister hacking duo who were accused of trying to illegally gain access to the email accounts of Renzi when he was prime minister, as well as several other prominent Italian politicians and business executives.
Giulio Occhionero and his sister Francesca Maria, who was born in the US and is an American citizen, maintained servers in the US that were seized by the FBI as part of the investigation.
The servers are due to be sent to Italy and officials have said the extent of the pair’s alleged crimes will only be known once the servers are examined. While they are not believed to have gained access to Renzi’s email account, there is deep suspicion within the security community in Italy that the two were likely working with or on behalf of other foreign or domestic interests.
The two are still being held in jail. Their lawyers have denied the siblings committed any wrongdoing.