September 29, 2023

Each morning at roughly the identical time, a Russian hacker group generally known as NoName057(16) carries out distributed denial-of-service (DDoS) assaults on European monetary establishments, authorities web sites or transportation providers.

Final week, the group claimed accountability for disrupting the web sites of a number of banks and monetary establishments within the Czech Republic and Poland, which it considers hostile to the Russian state due to its help to Ukraine.

Like different pro-Kremlin hacktivist gangs, together with Killnet or the Cyber Military of Russia, NoName057(16) orchestrates comparatively easy and short-lived DDoS incidents with the assistance of a whole lot of volunteers. The objective is to disrupt day by day life, even for a couple of minutes.

However there are some issues that set this group aside, researchers say.

Within the Russian cybercrime panorama, NoName057(16) is a “lone wolf,” in accordance with Pascal Geenens, the director of cyberthreat intelligence on the cybersecurity agency Radware. The group would not make any alliances with different hackers and largely depends on the custom-made DDoSia toolkit to hold out its assaults.

NoName057(16) is much less emotional and erratic in comparison with another teams. In line with Geenens, it has maintained a military-like self-discipline in its operations for over a 12 months.

The group picks 5 to fifteen targets per day and research their web sites to search out an important elements to hit for a much bigger influence. Different hacktivist teams usually do not conduct reconnaissance earlier than staging their assaults, Geenens mentioned.

To rejoice its successes, NoName057(16) publishes a report on the Verify Host web site, which evaluates the supply and efficiency of web site servers in several international locations. Different pro-Kremlin teams are much less rigorous, and so they continuously declare DDoS assaults which were carried out by different gangs, together with NoName057(16), in accordance with Geenens.

Western targets

DDoS incidents contain flooding a web site with bogus requests till it basically stops processing authentic visitors. For the reason that starting of this 12 months, NoName057(16) has claimed greater than 170 assaults focusing on Poland, Czechia, Lithuania, Ukraine and Italy, in accordance with Radware. The group’s preliminary assaults targeted on Ukrainian information web sites, however later shifted to NATO-associated targets, in accordance with a report by SentinelLabs.

The group attacked the tax service web site of Poland in March, and it additionally focused the web sites of candidates within the Czech presidential election in January. Then, in August, it launched a contemporary wave of assaults on the monetary establishments of those international locations.

One attainable motive for NoName057’s (16) alternative of Western targets is to keep away from interfering with government-controlled hackers who particularly goal Ukrainian infrastructure, in accordance with Geenens.

There’s additionally a chance that pro-Russian hacktivists attempt to keep inside a selected sphere of affect, with NoName057(16) primarily focusing on Ukrainian allies whereas different teams just like the Cyber Military of Russia deal with Ukrainian organizations, in accordance with Yevheniya Nakonechna, head of the Ukrainian pc emergency response workforce (CERT-UA).

Automated instruments

For its operations, NoName057(16) largely makes use of a DDoS assault toolkit known as DDoSia with a person configuration file given to every individual keen to affix an assault, in accordance with Nakonechna.

Instruments like DDoSia make DDoS assaults extra accessible to people who aren’t skilled hackers however need to earn money or become involved in cyberwarfare from the consolation of their very own properties.

On its Telegram channel with over 52,000 subscribers, NoName057(16) goals to teach its followers by explaining fundamental business jargon and assault ideas.

Volunteers who select to take part in hacking campaigns are paid in cryptocurrency primarily based on their contribution to DDoS assaults.

The DDoSia mission’s Telegram channel presently has 12,000 subscribers. In line with a report from cybersecurity firm Sekoia, the group is targeted on enhancing its software program safety and increasing its capabilities.

It isn’t totally clear how NoName057(16) funds these initiatives. In line with Geenens, there is not any proof that the Russian authorities sponsors the group.

In truth, little or no is understood concerning the founder or core workforce of the group, in addition to the origin of its title. This units NoName057(16) other than Killnet, which has an enigmatic and media-savvy chief, Killmilk.

However similar to many different hacktivist teams, Killnet seems to develop weary of its DDoS assaults and shifts its focus to aspect tasks.

“There are menace actors who come and go or take a break, however not NoName057(16),” Geenens mentioned.

Whereas not technically refined or damaging, NoName057(16) assaults are annoying and irritating for individuals who need to use the providers impacted by the assault, researchers say.

NoName057(16) desires to create chaos and make folks discover their hacks, in accordance with Geenens. And they’ll probably proceed to ramp up their efforts to make sure they don’t seem to be forgotten, he added.

“We do not plan on simply sitting round within the face of the hostile and overtly anti-Russian actions coming from the West. We’ll reply in type. We won’t let Russophobia change into the brand new regular!” the group mentioned final July in a manifesto.

Get extra insights with the

Recorded Future

Intelligence Cloud.

Be taught extra.

Daryna Antoniuk

Daryna Antoniuk
is a contract reporter for Recorded Future Information primarily based in Ukraine. She writes about cybersecurity startups, cyberattacks in Japanese Europe and the state of the cyberwar between Ukraine and Russia. She beforehand was a tech reporter for Forbes Ukraine. Her work has additionally been revealed at Sifted, The Kyiv Unbiased and The Kyiv Submit.