Red Hot Cyber


RHC interviews Sector16, one of the most active hacktivist groups of 2025. “Let’s destroy the present for a better future”

RHC Dark Lab : 11 July 2025 07:36

In recent months, two disturbing episodes have shaken public opinion and the Italian cybersecurity sector. The first concerned an Italian hospital, violated in its most sensitive heart: videos of patients and operating rooms ended up online, exposing not only the inadequacy of protection systems, but also the vulnerability of our own digital humanity. In other episodes, we have seen the SCADA systems of hotels and other infrastructure hit, with full access to critical facilities obtained by two groups: Overflame and Sector16.

The latter, Sector16, are the subject of our exclusive interview. A name that until recently was known only among insiders, but which today is beginning to be present in European cyber intelligence reports. Their operations, characterized by surgical precision and a raw and provocative communicative language, are part of a new paradigm of digital activism, in which the line between sabotage, demonstration of force and organized crime is increasingly thin.

In this conversation, we tried to understand who they are, what moves them and how far they intend to go. What emerged is the portrait of a collective that does not limit itself to violating systems, but that intends to launch messages, challenge the boundaries of IT security and – according to them – “highlight the rot in the heart of Italian digital infrastructure”.

RHC: The name “Sector16” has a precise connotation: it recalls a technical, almost military language, and suggests a certain degree of organization or strategic vision. What does this name represent for you? Is it linked to a place, a concept, a provocation?

SECTOR16: In the movie “The Hills Have Eyes” there is mention of an abandoned military range called SECTOR 16. The name emphasizes the atmosphere of isolation and danger in which the characters face different threats in this suspicious and abandoned place.

RHC: What drives you to focus many of your attacks on Italian infrastructures? Is it a strategic, symbolic choice or is there a more personal motivation behind this constancy?

SECTOR16: The Italian infrastructures are the most vulnerable, which is why we will continue to attack them until their systems are protected by strong passwords and reliable authentication methods.

RHC: In many of your attacks, you’ve targeted SCADA systems, devices, and industrial plants that are usually ignored by traditional criminal groups. What fascinates you about these environments and why do they seem to be at the center of your campaigns?

SECTOR16: We are interested in SCADA systems, because before us this sector was not very developed and has a fundamental impact on the most important infrastructures of the entire planet, in some cases being of critical importance.

RHC: Do you consider yourself hacktivists moved by an ideal, or do you operate with other purposes? Basically, how do you define yourself and what distinguishes Sector16 from a group of common cybercriminals and perhaps profitable?

SECTOR16: We don’t consider ourselves idealists, there are no ideals, there will always be someone better than you. Therefore, we strive to improve and learn something new. We differ from ordinary groups because we are human, and we do it not only to harm, but also to help protect the system with our light attacks.

RHC: The attack on an Italian hospital had a very strong human and media impact, especially for the publication of videos of patients and operating rooms. You told us in our first contacts that you did not sell the data you exfiltrated to other cybercriminals. How do you justify this action? Is there a message behind it or was it just a means to demonstrate your skills?

SECTOR16: The hospital in Italy was discovered by chance, we did not expect it to arouse such an outcome. We have not sold the data to anyone, there is no financial intent. We left some of our own traces so that administrators could eliminate the vulnerability. At the moment, the server is no longer responding, which means that the administrators have eliminated the vulnerability. There wasn’t a large amount of data on the server that could be transferred to anyone, the main discovery was about the cameras, not the data inside them.

RHC: On the occasion of the attack on the SCADA system of a luxury hotel in Capri, you collaborated with Overflame. Was it a one-time partnership or are you part of a larger network of groups with common goals?

SECTOR16: This was not the only collaboration with Overflame and hopefully it will not be the last; they also participated in the attack on the hydroelectric power plant in France and several other attacks on SCADA systems.

RHC: Is there an ideological or political motivation that guides your actions? Do you feel part of a battle against the system, or do you operate according to your own personal ethics?

SECTOR16: Our group has political convictions and a certain patriotism towards our country, a love for it. But this is not tied to ideological motivations of a national or religious nature. We are an active part of the fight against the Ukrainian criminal system and we can bring small changes to our future and our present.

RHC: From the information gathered, it seems that your operations are planned down to the smallest detail. How much time do you spend studying and gathering information before carrying out an attack?

SECTOR16: In fact, planning an attack can take a maximum of one day; mostly we try to think about our actions, what the consequences will be and how to minimize or increase them.

RHC: Do you use tools that are already public to violate your goals or do you prefer to develop exploits and custom tools? How important is the technical part in the affirmation of your identity?

SECTOR16: We use ready-made and well-known tools to penetrate systems, but we also write our own exploits. The technical part is very important, because it directly affects the success and quantity of attacks.

RHC: What is your opinion on the security of Italian critical infrastructures? If you had to give a scale from 1 to 10, how difficult are Italian infrastructures to violate? Compared to other European countries, is Italy an easy target or simply neglected?

SECTOR16: We will rate the security of critical infrastructure in Italy with a maximum of 3/10, as they have given up on security and cannot even set decent passwords for their systems or even set a system password.

RHC: Once you have access to a system, what are your main goals? Are you interested in simple access, data collection, demonstration of systemic failure, or something else?

SECTOR16: We are interested in access to the system itself, what is present, and what can be controlled. The bigger the server, the better for us, because it means we have extensive access and quality content.

RHC: According to you, you have received several offers to buy the data you obtained in your recent attack. Public opinion is not clear about the market behind actions similar to yours, could you tell us what kind of offers (and amount of money) you have received? How would you explain the seriousness of the situation when health data are obtained from malicious actors?

SECTOR16: We do not sell data to other groups, as it is not our job, despite the fact that we have been offered to purchase some SCADA systems on several occasions. I can’t give specific examples, as this is confidential information and we don’t want to expose other teams.

RHC: Have you ever considered monetizing your skills through ransomware, extortion, or access sales in the past, or is money not your goal?

SECTOR16: We have a very negative attitude towards ransomware. We believe that they violate any form of morality. To give a simple example: when we gained access to the computer of the Italian hospital, we could have encrypted it, but because of our principles and moral standards, we abandoned the idea and simply left a mark.

RHC: How do you select your targets? Are there precise criteria – symbolic, strategic, geopolitical – or is it a question of technical opportunities and vulnerabilities?

SECTOR16: There are no clear criteria for attacks. Mostly, the choice of countries to hit is random and, as we have noted, a large percentage of SCADA systems found are Italian or Spanish. It all depends on the range of IP addresses.

RHC: Is Sector16 a closed and structured group or is there a more fluid network where new members can be welcomed? What is your organizational model?

SECTOR16: Anyone who passes our little test can try to become part of SECTOR16. The important thing is that the person wants to work and learn something new. Experience is very important, because it affects the number of attacks.

RHC: Considering the growing impact of your actions, do you fear being identified and prosecuted by law enforcement, or do you feel safe behind your digital anonymity? Telegram is opening up to law enforcement agencies in this period. How do you see all this?

SECTOR16: We are directly afraid of being identified, which is why we try to hide our identity in every possible way and plan to leave Telegram in the future.

RHC: If you had the opportunity to send a direct message to governments or the public, what would you like them to really understand about Sector16 and your actions?

SECTOR16: We want to help the infrastructure of the entire planet, but to do so you need to send a signal so that people can understand the problem and, thanks to experience, avoid similar mistakes. I wouldn’t say that the problem of VNC protection is particularly dangerous: you just need to set up complex passwords, and everything is solved.

RHC: Blackhats are always stronger than whitehats, you are always one step ahead! Why not offer your skills for adequate compensation to increase the security of companies’ and organizations’ systems?

SECTOR16: We are already looking to improve the security of systems and organizations. We do not pursue rewards or money of any kind, we are ready to help white hats and provide them with valuable knowledge for the benefit of our society.

RHC: During your intrusions, how important is social engineering compared to simple technical vulnerability? Have you ever leveraged internal employees, targeted phishing, or other human manipulation techniques?

SECTOR16: Social engineering plays almost no role in our attacks. It is the human factor that has an impact. We do not currently use insiders or phishing.

RHC: How important is the persistence component in your attacks? Do you limit yourself to a one-shot exploit or do you build lasting and invisible accesses over time?

SECTOR16: Some exploits we use for months, others only for a few days. Of course, persistence plays a vital role in our team.

RHC: Sector16, thank you again for your time and your valuable answers to our readers! We leave you this last space to say what you want in total freedom.

SECTOR16: Be careful with your security, use strong passwords and secure VPNs. And remember: “Let’s destroy the present for a better future”.

RHC: What’s the easiest Italian password you’ve ever found?

SECTOR16: One of the easiest passwords on an Italian server is 111111.

RHC: You said you’re leaving Telegram. Can we know which platform you will use?

SECTOR16: We are thinking of leaving Telegram for Jabber, but the main problem is the audience, which is larger and more accessible on Telegram.

RHC Dark Lab
RHC Dark Lab is a group of experts from the Red Hot Cyber community dedicated to Cyber Threat Intelligence led by Pietro Melillo. Participating in the collective, Sandro Sana, Alessio Stefan, Raffaela Crisci, Vincenzo Di Lello, Edoardo Faccioli. Their mission is to spread knowledge about cyber threats to improve the country's awareness and digital defences, involving not only specialists in the field but also ordinary people. The aim is to disseminate Cyber Threat Intelligence concepts to anticipate threats.
