The pro-Russian hacker group known as NoName057(16) has been conducting a campaign of DDoS attacks against organizations in Ukraine and NATO countries since the early days of the war in Ukraine. The group has targeted government organizations and critical infrastructure.

What has been found?

SentinelLabs has revealed that the group utilizes public Telegram channels, a volunteer-based DDoS payment program, and a multi-operating system toolkit to conduct its attacks. Additionally, the group is found to have a presence on GitHub.

Diving into details

NoName057(16) claims to be a hacktivist group that primarily focuses on disrupting websites that are important to nations that are critical of Russia's invasion of Ukraine.
  • It uses DDoS attacks as its primary method of disruption.
  • The group initially targeted Ukrainian news websites, but later shifted its focus to NATO-associated targets.
  • It claimed responsibility for the March 2022 DDoS attacks on Ukrainian news and media websites such as Zaxid and Fakty UA.
  • On January 11, the researchers observed NoName057(16) starting to target the websites of candidates for the 2023 Czech presidential election.

Operation on Telegram

  • NoName057(16) utilizes Telegram to claim responsibility for its attacks, mock the targets, make threats, and justify its actions as a group.
  • Data from the group's Telegram channel suggests that the attackers value the recognition and publicity their attacks receive online, including being mentioned in Wikipedia articles.

Operation on GitHub

  • NoName057(16) utilizes GitHub as the primary platform for most of its malicious activities, including hosting its DDoS website. Additionally, the group uses GitHub repositories to store the latest versions of its tools.
  • GitHub has disabled the accounts in accordance with its Acceptable Use Policies.

The bottom line

NoName057(16) is a hacktivist group that reportedly emerged in the aftermath of the Russia-Ukraine war. Although the group is not highly skilled technically, it can still cause temporary service disruptions. 

The overall scenario also represents a growing trend of volunteer-based attacks, and the attackers have now added payments as an incentive for their most effective contributors. Given the current political climate, researchers anticipate that similar groups are likely to continue to flourish.
Cyware Publisher