Security Experts:

Connect with us

Hi, what are you looking for?



Pro-Russian Group DDoS-ing Governments, Critical Infrastructure in Ukraine, NATO Countries

A Pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.

A Pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.

Also known as NoName05716, 05716nnm or Nnm05716, the threat actor has been supporting Russia’s invasion of Ukraine since March 2022, launching disruptive attacks against government and critical infrastructure organizations.

To date, the group has launched DDoS attacks against government, military, telecommunications, and transportation organizations, as well as media agencies, suppliers, and financial institutions in Ukraine, Czech Republic, Denmark, Estonia, Lithuania, Norway, and Poland.

According to cybersecurity firm SentinelOne, the group focused on Ukrainian news websites at first, but later shifted attention to NATO-associated targets, aiming to silence what it deems to be anti-Russian.

NoName057(16) uses a Telegram channel to claim responsibility for disruptions, justify its actions, make threats, and mock targets. The group, SentinelOne says, “values the recognition their attacks achieve through being referenced online”.

The threat actor was also seen abusing GitHub to host tools advertised on their Telegram channel, including the DDoS tool DDOSIA, a multi-threaded application that has both Python and Golang implementations.

GitHub promptly removed the NoName057(16)-associated accounts and repositories after being informed about the nefarious activity.

Some of the most recent incidents attributed to the group include the targeting of the Polish government in December 2022, attacks on Lithuanian organizations (mainly cargo and shipping firms) in January 2023, and hits on Danish financial institutions.

This week, the group was seen attempting to disrupt the 2023 Czech presidential elections, taking place January 13-14.

“Specific targets include domains for candidates Pavel Fischer, Marek Hilšer, Jaroslav Bašta, General Petr Pavel, and Danuše Nerudová. Additionally, the Ministry of Foreign Affairs of the Czech Republic website was also targeted at the same time,” SentinelOne notes.

Throughout 2022, the group has been observed employing various tools for carrying out attacks, including Bobik-infected systems, which are ensnared in a botnet. According to SentinelOne, however, NoName057(16) “appears to primarily seek participation voluntarily through their DDOSIA tool”.

“NoName057(16) is yet another hacktivist group to emerge following the war in Ukraine. While not technically sophisticated, they can have an impact on service availability– even when generally short lived. What this group represents is an increased interest in volunteer-fueled attacks, while now adding in payments to its most impactful contributors,” SentinelOne concludes.

Related: Russian APT Gamaredon Changes Tactics in Attacks Targeting Ukraine

Related: Ukraine’s Delta Military Intelligence Program Targeted by Hackers

Related: New ‘Prestige’ Ransomware Targets Transportation Industry in Ukraine, Poland

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.