Noname057(16)
Formation | 2022 |
---|---|
Type | Hacktivist group |
Legal status | Active |
Purpose | Pro-Russian cyber activities |
Headquarters | Unknown |
Region served | Global |
Origin | Russia (alleged) |
Platforms | Telegram, GitHub |
Products | DDOSIA (DDoS tool) |
Affiliations | Pro-Russian entities |
NoName057(16) is a pro-Russian hacker group that first declared itself in March 2022 and claimed responsibility for cyber-attacks on Ukrainian, American and European government agencies, media, and private companies. It is regarded as an unorganized and free pro-Russian activist group seeking to attract attention in Western countries.[1]
The first attacks claimed by the group in March 2022 were DDoS attacks targeting Ukraine news and media websites Zaxid and Fakty UA among others. Overall the motivations of the group appear to center around silencing organisations the group deem to be anti-Russian.[2]
Activity
[edit]NoName057(16) operates using Telegram channels where they claim responsibility for their attacks, mock targets, make threats, and share educational content. They have used GitHub to host their DDoS tool website and associated repositories. The group has developed a DDoS tool named DDOSIA, which conducts denial-of-service attacks by repeatedly issuing network requests to target sites.[3][4]
It is noteworthy that the threat actor appears to collaborate with other pro-Russian cyber collectives, such as Killnet and XakNet.[3][4]
Ukrainian media employees received threatening letters from the NoName057(16) group.[5] This was confirmed by the Ukrainian ex-Ombudsman Lyudmila Denisova.[6] OSINT researcher Cyberknow20 has included NoName057(16) in his summary table of hacker groups, which he periodically updates.[7] It is believed that their main enemy is a Spanish hacker known as Duna since he has exposed them on many occasions. This group, together with agents of the Russian FSB, is attributed with the attempted murder of Duna on at least four occasions.
Motivation
[edit]On the Telegram channel of the group a "Manifesto" was posted 11/03/2022.[3]
The English translation reads:
Greetings, comrades! Hacker group NoName057(16) goes out on the warpath with Ukrainian sub-hackers and their corrupt servants! These admirers of the neo-fascists, who have seized power in Ukraine, are trying to attack the Internet resources of our country and intimidate our compatriots with their attacks orchestrated through the social networks and other communication channels. In response to their pathetic efforts, we are conducting massive attacks on Ukropropaganda resources that brazenly lie to people about Russia’s special operation in Ukraine, as well as on the websites of Ukrainian grief-hackers who try to support the neo-Nazi regime of Zelensky and a handful of drug addicts and Nazis from his mob! We have already conducted several successful attacks on Ukrainian resources, which have paralyzed users’ access to them. And this is just the beginning. To our enemies, we want to remind the words of the famous Russian commander Alexander Nevsky: “Whoever comes to us with a sword will perish by the sword!" Here we will talk about our cases and conducted attacks.
Known DDOS attacks
[edit]Canada
[edit]On September 13, 2023, the NoName057(16) group has launched a DDoS attack on many Canadian and Quebec government websites. A total of 8 sites are attacked.[8]
Ukrainian sites
[edit]Starting from March 2022, the NoName057(16) group has carried out a number of cyberattacks on Ukrainian media websites and Ukrainian media portals. For example, such as: the portal "Detector Media",[9] the site "Odesa Online",[10] the information agency "Competitor".[11]
Baltic sites
[edit]Latvia
[edit]The DDOS attack claimed by the NoName057(16) group disrupted the online train ticket sales system on the website and in the mobile application of the Latvian company Passenger Train (Pasažieru vilciens).[12] The company representatives stated in their Twitter account they had to stop selling tickets on the site and in the application because of the incident.
Lithuania
[edit]On June 21, representatives of the hacker group NoName 057(16) announced on their Telegram channel that they were joining the attacks on the websites of the Republic of Lithuania. In their appeal, they called on other communities of pro-Russian hackers, as well as individual hacktivists, to do the same. The hackers called their actions "revenge for Kaliningrad".[13] As a result, in about a month, the group carried out more than 200 attacks on Lithuanian Internet infrastructure resources. The Lithuanian Ministry of Defense stated that the participants in the attacks were pro-Russian "volunteer activists".[14] In particular, the group attacked the website of the Lithuanian company Ingstad,[15] the websites of Lithuanian airports[16][17] and other Internet resources. In addition to DDOS attacks on Lithuanian sites, hackers from NoName057(16) managed to perform a so-called deface on one of them. As a result, a message from hackers appeared on the main page of the resource of the logistics company ExpressTrip.
Estonia
[edit]On June 7, 2022, NoName057(16) carried out a cyberattack on the website of the Central Bank of Estonia[source?]. Bank representatives confirmed the fact of the attack and emphasized that as a result of the incident, “the external website and the statistics module of the Bank of Estonia were not working due to technical reasons”.[27]
United States
[edit]Also, hackers from NoName057(16) carried out attacks on the websites of American companies from various fields of activity. As a result of one of these attacks the website of the ITT company ceased to be available to users for a long time.
Denmark
[edit]The group claimed responsibility for DDoS attacks on the sites of a number of businesses in the financial sector, along with the Ministry of Finance in January 2023, due to the Danish support to Ukraine. And most recently September 2023 tha? Danish data commissioners website [18]
Germany
[edit]The group claimed responsibility for DDoS attacks on the sites of a number of Government and businesses sites, along with the Federal Foreign Office, Bundestag and the Platform for the Reconstruction in Ukraine which were unsuccessful in February to April 2023.[19]
Norway
[edit]As a kind of protest against the decision of the Norwegian authorities to ban the delivery of goods to Russian citizens in the Svalbard archipelago, the NoName057(16) group organized attacks on a number of sites in Norway. The attacks were noticed by the local media.[20][21]
Poland
[edit]The group also carried out DDOS attacks against Poland's Internet infrastructure in different periods of time.[22]
Finland
[edit]A cyber attack on the website of the Finnish Parliament occurred after Finland joined NATO on April 4, 2023.[23][24] Finnish journalists ranked the group as pro-Russian.[25]
As a result of the incident, the Finnish criminal police launched a preliminary investigation.[26]
Czech Republic
[edit]During the 2023 presidential elections on January 13, 2023, the website of presidential candidate General Petr Pavel has been under a strong hacker attack since Friday morning. That's why it was not loading for some users, his election team said. It is said that the website faced a similarly strong attack throughout Wednesday. According to the operator, the attack was conducted from various IP addresses across Europe.[27]
On March 24, 2023, there was a DDoS attack on the site of Prague Integrated Transport website about public transportation in Prague. The website was unavailable for several hours. The Noname057(16) claimed responsibility for the attack. Also, the website of Florenc Central Bus Station was also affected by this attack.[28]
On August 30, 2023, a DDoS attack on Czech banks occurred, causing their online banking systems to be unavailable.[29] Noname057(16) claimed responsibility for its attack on its Telegram channel.[30]
Italy
[edit]Following the visit of Prime Minister Giorgia Meloni to Kyiv, in support of Ukraine's efforts in the ongoing conflict with Russia, a series of Italian companies' and institutions' were attacked[31][32] in February and March 2023.[33]
Iceland
[edit]During the Summit of the Heads of State and Government of the Council of Europe in Reykjavik, Iceland, May 16, 2023, the NoName057(16) group claimed responsibility for several attacks on Icelandic governmental websites.[34]
The Netherlands
[edit]The group carried out DDOS attacks against websites of several Dutch ports in Q1 of 2023. Port authorities state that their internal systems were not compromised or affected. The group hints that the attacks are in response to the Dutch plan to buy Swiss tanks for Ukraine.[35]
In august 2023 Dutch organizations have been targeted by DDoS attacks according to the Netherlands' National Cyber Security Centre NCSC. The pro-Russian or Russia aligned hacker group NoName057(16)claimed responsibility for these attacks, which had limited impact on the targeted organizations. NoName057(16) is known for politically motivated attacks associated with Russia or could be hired by Russian actors as cyber-mercenaries.[36]
On 4 november 2023 A DDoS (Distributed Denial of Service) attack involves bombarding computer systems with a substantial amount of internet traffic, aiming to overwhelm and disrupt them. NoName05716, a pro-Russian "hacktivist" group, is currently conducting such attacks on Dutch organizations in response to Dutch support for Ukraine in its conflict with Russia. Translink, a company affected by the attacks, reported that their website experienced temporary unavailability due to the ongoing DDoS attack. Despite the disruption, the ov-chipkaart, a public transportation smart card, remains operational for travelers, and Translink anticipates resolving the issue by Saturday afternoon.
Taiwan(ROC)
[edit]On September 12, hackers from NoName057(16) attacked several websites of Taiwan companies and government, including Mega Financial Holding Company Ltd., Chailease Finance Co., Ltd., Chang Hwa Bank, Taiwan Stock Exchange, and Directorate General of Budget, Accounting and Statistics.[37][38][39]
Belgium
[edit]On October 7th, several websites of Belgian governmental organisations and ports started getting DDoS attacked by the hacker group. Provinces and local government websites went down for 2 days. These are also the two governments for which elections take place on October the 13th.
United Kingdom
[edit]On October 28th, 13 local authorities were targeted by NoName057(16), with additional local authorities targeted on October 30th. The first wave of attacks resulted in service disruption for 6 councils, with the second wave disrupting services for 3 councils.[40]
References
[edit]- ^ "NoName057(16) Pro-Russian Hacker Group Targeting Sites in Ukraine and Supporting Countries with DDoS Attacks". NoName057(16) Pro-Russian Hacker Group Targeting Sites in Ukraine and Supporting Countries with DDoS Attacks. Retrieved 2023-01-09.
- ^ Hegel, Tom (January 12, 2023). "NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO". SentinelOne. Retrieved October 8, 2024.
- ^ a b c Ylabs (2022-10-13). "Analysis of the Russian-Speaking Threat Actor NoName 057(16)". YLabs. Retrieved 2023-08-14.
- ^ a b "NoName05716: The Pro-Russian Hacktivist Group Targeting NATO". SentinelOne Labs. Retrieved 2023-08-14.
- ^ "Російські ноунейми пообіцяли помститися ще одному запорізькому сайту". imi.org.ua (in Ukrainian). Retrieved 2022-08-20.
- ^ Іванов, Юрій (2022-04-28). ""Оперативній Україні інфо" надійшли погрози від російських хакерів NoName * Оперативна Україна інфо". Оперативна Україна інфо (in Ukrainian). Retrieved 2022-08-17.
- ^ "Update 16. 2022 Russia-Ukraine War — Cyber Group Tracker. July 14". July 14, 2022.
- ^ "Steve Waterhous". X (formerly Twitter). Retrieved 2023-09-13.
- ^ ""Детектор медіа" зазнає DDoS-атаки". imi.org.ua.
- ^ ""Одеса.Онлайн"". Retrieved October 8, 2024.
- ^ "DDoS-атаки і дзвінки з погрозами: рашисти залякують журналістів ІА "Конкурент"". konkurent.ua.
- ^ "Из-за DDoS-атаки была нарушена торговля билетами на сайте Pasažieru vilciens". Экономика. June 1, 2022.
- ^ https://ria.ru/20220627/khakery-1798513241.html
- ^ "Кругом одни компбатанты". www.kommersant.ru. July 18, 2022.
- ^ https://ria.ru/20220629/ataka-1799137306.html
- ^ "Кибергруппы KillNet и NoName057(16) положили интернет-ресурсы Литвы". Anti-Malware.ru. June 22, 2022.
- ^ "Three Lithuanian airports under DDOS attacks NoName057(16)". The Cyber Shafarat - Treadstone 71. June 23, 2022.
- ^ Moltke, Henrik (January 13, 2023). "Russisk hackergruppe i mail til DR: Vi står bag cyberangreb mod Danmark". dr.dk (in Danish). Retrieved January 13, 2023.
- ^ "Angriffe auf offizielle Webseiten". dr.dk (in Danish). Oct 2, 2023. Retrieved January 13, 2023.
- ^ "Nyhetsstudio - Hackergruppe: Hevder seier over Norge". Dagbladet.
- ^ "Antimedia - Nyheter".
- ^ "Таинственные хакеры оптом уничтожают сайты польской армии, силовиков и госведомств". CNews.ru.
- ^ "Account Suspended". goodwordnews.com. Retrieved October 8, 2024.
- ^ "Govt website comes under cyber attack after Parliament". clickittefaq. Retrieved 2023-04-17.
- ^ "Хакеры взломали сайт парламента Финляндии". Interfax.ru. Retrieved 2022-08-24.
- ^ "Интернет-сайт финского парламента подвергся атаке хакеров". Новости. August 9, 2022.
- ^ "Na web Petra Pavla útočí ruští hackeři. Podobnému útoku stránky kandidáta na prezidenta čelily i ve středu". FORUM 24. Retrieved October 8, 2024.
- ^ "x.com". Retrieved October 8, 2024.
- ^ "Russian Group NoName057(16) Attacks Czech Banks and Stock Exchange" [Internet banking and websites of several domestic banks are not working].
- ^ Post on NoName057(16) Еng Telegram channel. 2023-08-30
- ^ Redazione Ansa (22 February 2023). "Hackers attack websites of Italian firms and institutions". Rome: ANSA. Retrieved 7 March 2023.
A series of Italian companies' and institutions' sites are in the cross-hairs of hackers from the pro-Russian collective NoName057, who claimed the action on their Telegram profiles
- ^ Longo, Alessandro (6 March 2023). "Gli hacker filorussi di Noname057 hanno attaccato per la seconda volta l'Italia". Il Sole 24 ore (in Italian). Retrieved 7 March 2023.
- ^ "Nuovo attacco hacker all'Italia, messo offline il sito del ministero dei Trasporti". la Repubblica. March 22, 2023. Retrieved October 8, 2024.
- ^ "Netárásir gerðar á íslenskar vefsíður". www.mbl.is (in Icelandic). Retrieved 2023-05-16.
- ^ "Pro-Russische hackers legden websites Nederlandse havens plat". Nederlandse Omroep Stichting (in Dutch). July 14, 2023.
- ^ Centrum, Nationaal Cyber Security (2023-08-08). "Nederlandse organisaties doelwit van DDoS-aanvallen - Nieuwsbericht - Nationaal Cyber Security Centrum". www.ncsc.nl (in Dutch). Retrieved 2023-08-14.
- ^ "兆豐金彰銀遭網攻、證交所主計總處網站一度當機 親俄駭客宣稱犯案 | 產經". 中央社 CNA. September 12, 2024. Retrieved October 8, 2024.
- ^ "駭客組織攻擊台灣網站,政府、財稅單位為首要目標". 台灣電腦網路危機處理暨協調中心. September 13, 2024. Retrieved October 8, 2024.
- ^ "Pro-Russian hackers launch DDoS attack over Lai comments: cybersecurity firm - Taipei Times". www.taipeitimes.com. September 10, 2024. Retrieved October 8, 2024.
- ^ Jones, Connor (2024-11-01). "UK councils bat away DDoS barrage from pro-Russia keyboard warriors". The Register. Retrieved 2024-11-04.
External links
[edit]Media related to Noname057(16) at Wikimedia Commons