NoName057(16) is a pro-Russian hacker group that first declared itself in March 2022 and claimed responsibility for cyber-attacks on Ukrainian, American and European government agencies, media, and private companies. It is regarded as an unorganized and free pro-Russian activist group seeking to attract attention in Western countries. ^[1]

The first attacks claimed by the group in March 2022 were DDoS attacks targeting Ukraine news and media websites Zaxid ans Fakty UA among others. Overall the motivations of the group appear to center around silencing organisations the group deem to be anti-Russian. [1]

Activity

NoName057(16) operates using Telegram channels where they claim responsibility for their attacks, mock targets, make threats, and share educational content. They have used GitHub to host their DDoS tool website and associated repositories. The group has developed a DDoS tool named DDOSIA, which conducts denial-of-service attacks by repeatedly issuing network requests to target sites. ^{[2] [3]}

It is noteworthy that the threat actor appears to collaborate with other pro-Russian cyber collectives, such as Killnet and XakNet. ^{[2] [3]}

Ukrainian media employees received threatening letters from the NoName057(16) group. ^[4] This was confirmed by the Ukrainian ex-Ombudsman Lyudmila Denisova. ^[5] OSINT researcher Cyberknow20 has included NoName057(16) in his summary table of hacker groups, which he periodically updates. ^[6]

Motivation

On the Telegram channel of the group a "Manifesto" was posted 11/03/2022. ^[2]

The English translation reads:

Greetings, comrades! Hacker group NoName057(16) goes out on the warpath with Ukrainian sub-hackers and their corrupt servants! These admirers of the neo-fascists, who have seized power in Ukraine, are trying to attack the Internet resources of our country and intimidate our compatriots with their attacks orchestrated through the social networks and other communication channels. In response to their pathetic efforts, we are conducting massive attacks on Ukropropaganda resources that brazenly lie to people about Russia’s special operation in Ukraine, as well as on the websites of Ukrainian grief-hackers who try to support the neo-Nazi regime of Zelensky and a handful of drug addicts and Nazis from his mob! We have already conducted several successful attacks on Ukrainian resources, which have paralyzed users’ access to them. And this is just the beginning. To our enemies, we want to remind the words of the famous Russian commander Alexander Nevsky: “Whoever comes to us with a sword will perish by the sword!" Here we will talk about our cases and conducted attacks.

Known DDOS attacks

Canada

On September 13, 2023, the NoName057(16) group has launched a DDoS attack on many Canadian and Quebec government websites. A total of 8 sites are attacked. ^[7]

Ukrainian sites

Starting from March 2022, the NoName057(16) group has carried out a number of cyberattacks on Ukrainian media websites and Ukrainian media portals. For example, such as: the portal "Detector Media", ^[8] the site "Odesa Online", ^[9] the information agency "Competitor". ^[10]

Baltic sites

Latvia

The DDOS attack claimed by the NoName057(16) group disrupted the online train ticket sales system on the website and in the mobile application of the Latvian company Passenger Train (Pasažieru vilciens). ^[11] The company representatives stated in their Twitter account they had to stop selling tickets on the site and in the application because of the incident.

Lithuania

On June 21, representatives of the hacker group NoName 057(16) announced on their Telegram channel that they were joining the attacks on the websites of the Republic of Lithuania. In their appeal, they called on other communities of pro-Russian hackers, as well as individual hacktivists, to do the same. The hackers called their actions "revenge for Kaliningrad". ^[12] As a result, in about a month, the group carried out more than 200 attacks on Lithuanian Internet infrastructure resources. The Lithuanian Ministry of Defense stated that the participants in the attacks were pro-Russian "volunteer activists". ^[13] In particular, the group attacked the website of the Lithuanian company Ingstad, ^[14] the websites of Lithuanian airports ^{[15] [16]} and other Internet resources. In addition to DDOS attacks on Lithuanian sites, hackers from NoName057(16) managed to perform a so-called deface on one of them. As a result, a message from hackers appeared on the main page of the resource of the logistics company ExpressTrip.

Estonia

On June 7, 2022, NoName057(16) carried out a cyberattack on the website of the Central Bank of Estonia[source?]. Bank representatives confirmed the fact of the attack and emphasized that as a result of the incident, “the external website and the statistics module of the Bank of Estonia were not working due to technical reasons”. [27]

United States

Also, hackers from NoName057(16) carried out attacks on the websites of American companies from various fields of activity. As a result of one of these attacks the website of the ITT company ceased to be available to users for a long time.

Denmark

The group claimed responsibility for DDoS attacks on the sites of a number of businesses in the financial sector, along with the Ministry of Finance in January 2023, due to the Danish support to Ukraine. And most recently September 2023 tha Danish data commissioners website ^[17]

Germany

The group claimed responsibility for DDoS attacks on the sites of a number of Government and businesses sites, along with the Federal Foreign Office, Bundestag and the Platform for the Reconstruction in Ukraine which were unsuccessful in February to April 2023. ^[18]

Norway

As a kind of protest against the decision of the Norwegian authorities to ban the delivery of goods to Russian citizens in the Svalbard archipelago, the NoName057(16) group organized attacks on a number of sites in Norway. The attacks were noticed by the local media. ^{[19] [20]}

Poland

The group also carried out DDOS attacks against Poland's Internet infrastructure in different periods of time. ^[21]

Finland

A cyber attack on the website of the Finnish Parliament occurred after Finland joined NATO on April 4, 2023. ^{[22] [23]} Finnish journalists ranked the group as pro-Russian. ^[24]

As a result of the incident, the Finnish criminal police launched a preliminary investigation. ^[25]

Czech Republic

During the 2023 presidential elections on January 13, 2023, the website of presidential candidate General Petr Pavel has been under a strong hacker attack since Friday morning. That's why it was not loading for some users, his election team said. It is said that the website faced a similarly strong attack throughout Wednesday. According to the operator, the attack was conducted from various IP addresses across Europe. ^[26]

On March 24, 2023, there was a DDoS attack on the site of Prague Integrated Transport website about public transportation in Prague. The website was unavailable for several hours. The Noname057(16) claimed responsibility for the attack. Also, the website of Florenc Central Bus Station was also affected by this attack. ^[27]

On August 30, 2023, a DDoS attack on Czech banks occurred, causing their online banking systems to be unavailable. ^[28] Noname057(16) claimed responsibility for its attack on its Telegram channel. ^[29]

Italy

Following the visit of Prime Minister Giorgia Meloni to Kyiv, in support of Ukraine's efforts in the ongoing conflict with Russia, a series of Italian companies' and institutions' were attacked ^{[30] [31]} in February and March 2023. ^[32]

Iceland

During the Summit of the Heads of State and Government of the Council of Europe in Reykjavik, Iceland, May 16, 2023, the NoName057(16) group claimed responsibility for several attacks on Icelandic governmental websites. ^[33]

The Netherlands

The group carried out DDOS attacks against websites of several Dutch ports in Q1 of 2023. Port authorities state that their internal systems were not compromised or affected. The group hints that the attacks are in response to the Dutch plan to buy Swiss tanks for Ukraine. ^[34]

In august 2023 Dutch organizations have been targeted by DDoS attacks according to the Netherlands' National Cyber Security Centre NCSC. The pro-Russian or Russia aligned hacker group NoName057(16)claimed responsibility for these attacks, which had limited impact on the targeted organizations. NoName057(16) is known for politically motivated attacks associated with Russia or could be hired by Russian actors as cyber-mercenaries. ^[35]

On 4 november 2023 A DDoS (Distributed Denial of Service) attack involves bombarding computer systems with a substantial amount of internet traffic, aiming to overwhelm and disrupt them. NoName05716, a pro-Russian "hacktivist" group, is currently conducting such attacks on Dutch organizations in response to Dutch support for Ukraine in its conflict with Russia. Translink, a company affected by the attacks, reported that their website experienced temporary unavailability due to the ongoing DDoS attack. Despite the disruption, the ov-chipkaart, a public transportation smart card, remains operational for travelers, and Translink anticipates resolving the issue by Saturday afternoon.

References