Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Pro-Russian Group DDoS-ing Governments, Critical Infrastructure in Ukraine, NATO Countries

A Pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.

A Pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.

Also known as NoName05716, 05716nnm or Nnm05716, the threat actor has been supporting Russia’s invasion of Ukraine since March 2022, launching disruptive attacks against government and critical infrastructure organizations.

To date, the group has launched DDoS attacks against government, military, telecommunications, and transportation organizations, as well as media agencies, suppliers, and financial institutions in Ukraine, Czech Republic, Denmark, Estonia, Lithuania, Norway, and Poland.

According to cybersecurity firm SentinelOne, the group focused on Ukrainian news websites at first, but later shifted attention to NATO-associated targets, aiming to silence what it deems to be anti-Russian.

NoName057(16) uses a Telegram channel to claim responsibility for disruptions, justify its actions, make threats, and mock targets. The group, SentinelOne says, “values the recognition their attacks achieve through being referenced online”.

The threat actor was also seen abusing GitHub to host tools advertised on their Telegram channel, including the DDoS tool DDOSIA, a multi-threaded application that has both Python and Golang implementations.

GitHub promptly removed the NoName057(16)-associated accounts and repositories after being informed about the nefarious activity.

Some of the most recent incidents attributed to the group include the targeting of the Polish government in December 2022, attacks on Lithuanian organizations (mainly cargo and shipping firms) in January 2023, and hits on Danish financial institutions.

Advertisement. Scroll to continue reading.

This week, the group was seen attempting to disrupt the 2023 Czech presidential elections, taking place January 13-14.

“Specific targets include domains for candidates Pavel Fischer, Marek Hilšer, Jaroslav Bašta, General Petr Pavel, and Danuše Nerudová. Additionally, the Ministry of Foreign Affairs of the Czech Republic website was also targeted at the same time,” SentinelOne notes.

Throughout 2022, the group has been observed employing various tools for carrying out attacks, including Bobik-infected systems, which are ensnared in a botnet. According to SentinelOne, however, NoName057(16) “appears to primarily seek participation voluntarily through their DDOSIA tool”.

“NoName057(16) is yet another hacktivist group to emerge following the war in Ukraine. While not technically sophisticated, they can have an impact on service availability– even when generally short lived. What this group represents is an increased interest in volunteer-fueled attacks, while now adding in payments to its most impactful contributors,” SentinelOne concludes.

Related: Russian APT Gamaredon Changes Tactics in Attacks Targeting Ukraine

Related: Ukraine’s Delta Military Intelligence Program Targeted by Hackers

Related: New ‘Prestige’ Ransomware Targets Transportation Industry in Ukraine, Poland

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.