Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Pro-Russian Group DDoS-ing Governments, Critical Infrastructure in Ukraine, NATO Countries

A Pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.

A Pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.

Also known as NoName05716, 05716nnm or Nnm05716, the threat actor has been supporting Russia’s invasion of Ukraine since March 2022, launching disruptive attacks against government and critical infrastructure organizations.

To date, the group has launched DDoS attacks against government, military, telecommunications, and transportation organizations, as well as media agencies, suppliers, and financial institutions in Ukraine, Czech Republic, Denmark, Estonia, Lithuania, Norway, and Poland.

According to cybersecurity firm SentinelOne, the group focused on Ukrainian news websites at first, but later shifted attention to NATO-associated targets, aiming to silence what it deems to be anti-Russian.

NoName057(16) uses a Telegram channel to claim responsibility for disruptions, justify its actions, make threats, and mock targets. The group, SentinelOne says, “values the recognition their attacks achieve through being referenced online”.

The threat actor was also seen abusing GitHub to host tools advertised on their Telegram channel, including the DDoS tool DDOSIA, a multi-threaded application that has both Python and Golang implementations.

GitHub promptly removed the NoName057(16)-associated accounts and repositories after being informed about the nefarious activity.

Some of the most recent incidents attributed to the group include the targeting of the Polish government in December 2022, attacks on Lithuanian organizations (mainly cargo and shipping firms) in January 2023, and hits on Danish financial institutions.

This week, the group was seen attempting to disrupt the 2023 Czech presidential elections, taking place January 13-14.

“Specific targets include domains for candidates Pavel Fischer, Marek Hilšer, Jaroslav Bašta, General Petr Pavel, and Danuše Nerudová. Additionally, the Ministry of Foreign Affairs of the Czech Republic website was also targeted at the same time,” SentinelOne notes.

Throughout 2022, the group has been observed employing various tools for carrying out attacks, including Bobik-infected systems, which are ensnared in a botnet. According to SentinelOne, however, NoName057(16) “appears to primarily seek participation voluntarily through their DDOSIA tool”.

“NoName057(16) is yet another hacktivist group to emerge following the war in Ukraine. While not technically sophisticated, they can have an impact on service availability– even when generally short lived. What this group represents is an increased interest in volunteer-fueled attacks, while now adding in payments to its most impactful contributors,” SentinelOne concludes.

Related: Russian APT Gamaredon Changes Tactics in Attacks Targeting Ukraine

Related: Ukraine’s Delta Military Intelligence Program Targeted by Hackers

Related: New ‘Prestige’ Ransomware Targets Transportation Industry in Ukraine, Poland

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.