Hackers Claim Control Over Venice’s San Marco Flood Defense System in High-Stakes Cyberattack
On April 12, 2026, hackers operating under the names Infrastructure Destruction Squad and Dark Engine announced they had breached Venice’s San Marco flood defense system, gaining administrative access to critical hydraulic pumps. The group, which communicated via a Telegram post in Chinese, claimed the ability to disable flood protections and inundate coastal areas, a threat with potential physical and political consequences.
The attack began in late March, with intruders accessing the system’s control interface and later releasing screenshots of control panels, valve states, and system layouts as proof. The hackers framed the breach as a demonstration of Italy’s critical infrastructure vulnerabilities, offering full root access to the Sistema di Riduzione Rischio Allagamento (Flood Risk Reduction System) managed by the Italian Ministry of Infrastructure and Transport for just $600. Their stated motives included exposing security weaknesses and enabling political leverage against the Italian government.
While authorities confirmed that defenses protecting the Basilica di San Marco remained operational, the incident underscored the growing risks to operational technology (OT). Unlike traditional IT systems, OT directly controls physical processes, meaning breaches can lead to service disruptions, economic damage, or public safety threats. The Venice attack reflects a broader trend: critical infrastructure worldwide is increasingly targeted due to the convergence of IT and OT, reliance on legacy systems, and remote access vulnerabilities.
The same week, U.S. agencies including the FBI, CISA, and NSA warned of Iran-linked advanced persistent threats (APTs) exploiting exposed OT systems. Groups like CyberAv3ngers, tied to Iran’s Islamic Revolutionary Guard Corps (IRGC), have manipulated project files and SCADA/HMI data to disrupt water, energy, and government services. These attacks often exploit legitimate tools and exposed interfaces rather than zero-day vulnerabilities, highlighting architectural weaknesses in industrial security.
The Venice breach deviated from typical financially motivated ransomware, instead prioritizing disruption and symbolic impact. The attackers’ low asking price for system access ($600) suggested a focus on proving capability rather than profit. The incident serves as a stark reminder that cyber threats to OT are no longer theoretical: vulnerabilities in code can translate into real-world consequences, from flooded historic sites to compromised national security.
Ministero delle Infrastrutture e dei Trasporti cybersecurity rating report: https://www.rankiteo.com/company/mit-gov
{
  "id": "MIT1776062007",
  "linkid": "mit-gov",
  "type": "Cyber Attack",
  "date": "4/2026",
  "severity": "100",
  "impact": "7",
  "explanation": "Attack that could injure or kill people"
}
{'affected_entities': [{'customers_affected': 'Venice residents, historic '
'sites (e.g., Basilica di San '
'Marco)',
'industry': 'Infrastructure/Transportation',
'location': 'Italy',
'name': 'Italian Ministry of Infrastructure and '
'Transport',
'type': 'Government'}],
'attack_vector': 'Exposed control interface, remote access vulnerabilities',
'data_breach': {'file_types_exposed': ['Screenshots of control panels',
'Valve states',
'System layouts'],
'sensitivity_of_data': 'High (critical infrastructure '
'operational data)',
'type_of_data_compromised': 'Control system data (valve '
'states, system layouts, control '
'panels)'},
'date_detected': '2026-03-31',
'date_publicly_disclosed': '2026-04-12',
'description': 'On April 12, 2026, hackers operating under the names '
'*Infrastructure Destruction Squad* and *Dark Engine* '
'announced they had breached Venice’s San Marco flood defense '
'system, gaining administrative access to critical hydraulic '
'pumps. The group claimed the ability to disable flood '
'protections and inundate coastal areas, posing potential '
'physical and political consequences. The attack began in late '
'March, with intruders accessing the system’s control '
'interface and releasing screenshots of control panels, valve '
'states, and system layouts as proof. The hackers framed the '
'breach as a demonstration of Italy’s critical infrastructure '
'vulnerabilities, offering full root access to the *Sistema di '
'Riduzione Rischio Allagamento* (Flood Risk Reduction System) '
'for $600.',
'impact': {'brand_reputation_impact': 'Undermined confidence in Italy’s '
'critical infrastructure security',
'operational_impact': 'Potential disruption of flood protections, '
'risk of inundation',
'systems_affected': 'San Marco flood defense system, hydraulic '
'pumps, control interface'},
'lessons_learned': 'The incident underscored the growing risks to operational '
'technology (OT), where breaches can lead to service '
'disruptions, economic damage, or public safety threats. '
'It highlighted vulnerabilities in IT-OT convergence, '
'reliance on legacy systems, and remote access weaknesses.',
'motivation': ['Exposing security weaknesses',
'Political leverage',
'Demonstration of capability'],
'post_incident_analysis': {'root_causes': 'Exposed control interfaces, remote '
'access vulnerabilities, legacy '
'systems, IT-OT convergence '
'weaknesses'},
'ransomware': {'ransom_demanded': '$600'},
'recommendations': 'Enhance security for OT systems, address architectural '
'weaknesses, improve monitoring of exposed interfaces, and '
'prioritize critical infrastructure protection.',
'references': [{'date_accessed': '2026-04-12',
'source': 'Telegram post by threat actors'}],
'threat_actor': ['Infrastructure Destruction Squad', 'Dark Engine'],
'title': 'Hackers Claim Control Over Venice’s San Marco Flood Defense System '
'in High-Stakes Cyberattack',
'type': 'Cyberattack on Operational Technology (OT)',
'vulnerability_exploited': 'Legacy systems, architectural weaknesses in '
'industrial security, IT-OT convergence'}