Noname057(16)

Last updated
NoName057(16)
Formation2022
TypeHacktivist group
Legal statusActive
PurposePro-Russian cyber activities
HeadquartersUnknown
Region served
Global
Origin
Russia (alleged)
Platforms
Telegram, GitHub
Products
DDOSIA (DDoS tool)
AffiliationsPro-Russian entities

NoName057(16) is a pro-Russian hacker group that first declared itself in March 2022 and claimed responsibility for cyber-attacks on Ukrainian, American and European government agencies, media, and private companies. It is regarded as an unorganized and free pro-Russian activist group seeking to attract attention in Western countries. [1]

Contents

The first attacks claimed by the group in March 2022 were DDoS attacks targeting Ukraine news and media websites Zaxid and Fakty UA among others. Overall the motivations of the group appear to center around silencing organisations the group deem to be anti-Russian. [2]

Activity

NoName057(16) operates using Telegram channels where they claim responsibility for their attacks, mock targets, make threats, and share educational content. They have used GitHub to host their DDoS tool website and associated repositories. The group has developed a DDoS tool named DDOSIA, which conducts denial-of-service attacks by repeatedly issuing network requests to target sites. [3] [4]

It is noteworthy that the threat actor appears to collaborate with other pro-Russian cyber collectives, such as Killnet and XakNet. [3] [4]

Ukrainian media employees received threatening letters from the NoName057(16) group. [5] This was confirmed by the Ukrainian ex-Ombudsman Lyudmila Denisova. [6] OSINT researcher Cyberknow20 has included NoName057(16) in his summary table of hacker groups, which he periodically updates. [7] It is believed that their main enemy is a Spanish hacker known as Duna since he has exposed them on many occasions. This group, together with agents of the Russian FSB, is attributed with the attempted murder of Duna on at least four occasions.

Motivation

On the Telegram channel of the group a "Manifesto" was posted 11/03/2022. [3]

The groups' manifesto, labeling Ukraine as a nation of Nazis Noname057(16) manifesto from their telegram channel.jpg
The groups' manifesto, labeling Ukraine as a nation of Nazis
A post from their Telegram Noname057(16) manifesto from their telegram channel in russian.png
A post from their Telegram

The English translation reads:

Greetings, comrades! Hacker group NoName057(16) goes out on the warpath with Ukrainian sub-hackers and their corrupt servants! These admirers of the neo-fascists, who have seized power in Ukraine, are trying to attack the Internet resources of our country and intimidate our compatriots with their attacks orchestrated through the social networks and other communication channels. In response to their pathetic efforts, we are conducting massive attacks on Ukropropaganda resources that brazenly lie to people about Russia’s special operation in Ukraine, as well as on the websites of Ukrainian grief-hackers who try to support the neo-Nazi regime of Zelensky and a handful of drug addicts and Nazis from his mob! We have already conducted several successful attacks on Ukrainian resources, which have paralyzed users’ access to them. And this is just the beginning. To our enemies, we want to remind the words of the famous Russian commander Alexander Nevsky: “Whoever comes to us with a sword will perish by the sword!" Here we will talk about our cases and conducted attacks.

Known DDOS attacks

Canada

On September 13, 2023, the NoName057(16) group has launched a DDoS attack on many Canadian and Quebec government websites. A total of 8 sites are attacked. [8]

Ukrainian sites

Starting from March 2022, the NoName057(16) group has carried out a number of cyberattacks on Ukrainian media websites and Ukrainian media portals. For example, such as: the portal "Detector Media", [9] the site "Odesa Online", [10] the information agency "Competitor". [11]

Baltic sites

Latvia

The DDOS attack claimed by the NoName057(16) group disrupted the online train ticket sales system on the website and in the mobile application of the Latvian company Passenger Train (Pasažieru vilciens). [12] The company representatives stated in their Twitter account they had to stop selling tickets on the site and in the application because of the incident.

Lithuania

On June 21, representatives of the hacker group NoName 057(16) announced on their Telegram channel that they were joining the attacks on the websites of the Republic of Lithuania. In their appeal, they called on other communities of pro-Russian hackers, as well as individual hacktivists, to do the same. The hackers called their actions "revenge for Kaliningrad". [13] As a result, in about a month, the group carried out more than 200 attacks on Lithuanian Internet infrastructure resources. The Lithuanian Ministry of Defense stated that the participants in the attacks were pro-Russian "volunteer activists". [14] In particular, the group attacked the website of the Lithuanian company Ingstad, [15] the websites of Lithuanian airports [16] [17] and other Internet resources. In addition to DDOS attacks on Lithuanian sites, hackers from NoName057(16) managed to perform a so-called deface on one of them. As a result, a message from hackers appeared on the main page of the resource of the logistics company ExpressTrip.

Estonia

On June 7, 2022, NoName057(16) carried out a cyberattack on the website of the Central Bank of Estonia[source?]. Bank representatives confirmed the fact of the attack and emphasized that as a result of the incident, “the external website and the statistics module of the Bank of Estonia were not working due to technical reasons”.[27]

United States

Also, hackers from NoName057(16) carried out attacks on the websites of American companies from various fields of activity. As a result of one of these attacks the website of the ITT company ceased to be available to users for a long time.

Denmark

The group claimed responsibility for DDoS attacks on the sites of a number of businesses in the financial sector, along with the Ministry of Finance in January 2023, due to the Danish support to Ukraine. And September 2023 tha? Danish data commissioners website. [18] Most recently an attack against Danish municipalities and Mintry of Trasnportation. Downtown for the majority of the municipalities: less than 30 minutes.

Germany

The group claimed responsibility for DDoS attacks on the sites of a number of Government and businesses sites, along with the Federal Foreign Office, Bundestag and the Platform for the Reconstruction in Ukraine which were unsuccessful in February to April 2023. [19]

Norway

As a kind of protest against the decision of the Norwegian authorities to ban the delivery of goods to Russian citizens in the Svalbard archipelago, the NoName057(16) group organized attacks on a number of sites in Norway. The attacks were noticed by the local media. [20] [21]

Poland

The group also carried out DDOS attacks against Poland's Internet infrastructure in different periods of time. [22]

Finland

A cyber attack on the website of the Finnish Parliament occurred after Finland joined NATO on April 4, 2023. [23] [24] Finnish journalists ranked the group as pro-Russian. [25]

As a result of the incident, the Finnish criminal police launched a preliminary investigation. [26]

Czech Republic

During the 2023 presidential elections on January 13, 2023, the website of presidential candidate General Petr Pavel has been under a strong hacker attack since Friday morning. That's why it was not loading for some users, his election team said. It is said that the website faced a similarly strong attack throughout Wednesday. According to the operator, the attack was conducted from various IP addresses across Europe. [27]

On March 24, 2023, there was a DDoS attack on the site of Prague Integrated Transport website about public transportation in Prague. The website was unavailable for several hours. The Noname057(16) claimed responsibility for the attack. Also, the website of Florenc Central Bus Station was also affected by this attack. [28]

On August 30, 2023, a DDoS attack on Czech banks occurred, causing their online banking systems to be unavailable. [29] Noname057(16) claimed responsibility for its attack on its Telegram channel. [30]

Italy

Following the visit of Prime Minister Giorgia Meloni to Kyiv, in support of Ukraine's efforts in the ongoing conflict with Russia, a series of Italian companies' and institutions' were attacked [31] [32] in February and March 2023. [33]

Iceland

During the Summit of the Heads of State and Government of the Council of Europe in Reykjavik, Iceland, May 16, 2023, the NoName057(16) group claimed responsibility for several attacks on Icelandic governmental websites. [34]

The Netherlands

The group carried out DDOS attacks against websites of several Dutch ports in Q1 of 2023. Port authorities state that their internal systems were not compromised or affected. The group hints that the attacks are in response to the Dutch plan to buy Swiss tanks for Ukraine. [35]

In august 2023 Dutch organizations have been targeted by DDoS attacks according to the Netherlands' National Cyber Security Centre NCSC. The pro-Russian or Russia aligned hacker group NoName057(16)claimed responsibility for these attacks, which had limited impact on the targeted organizations. NoName057(16) is known for politically motivated attacks associated with Russia or could be hired by Russian actors as cyber-mercenaries. [36]

On 4 november 2023 A DDoS (Distributed Denial of Service) attack involves bombarding computer systems with a substantial amount of internet traffic, aiming to overwhelm and disrupt them. NoName05716, a pro-Russian "hacktivist" group, is currently conducting such attacks on Dutch organizations in response to Dutch support for Ukraine in its conflict with Russia. Translink, a company affected by the attacks, reported that their website experienced temporary unavailability due to the ongoing DDoS attack. Despite the disruption, the ov-chipkaart, a public transportation smart card, remains operational for travelers, and Translink anticipates resolving the issue by Saturday afternoon.

Taiwan(ROC)

On September 12, hackers from NoName057(16) attacked several websites of Taiwan companies and government, including Mega Financial Holding Company Ltd., Chailease Finance Co., Ltd., Chang Hwa Bank, Taiwan Stock Exchange, and Directorate General of Budget, Accounting and Statistics. [37] [38] [39]

Belgium

On October 7, several websites of Belgian governmental organisations and ports started getting DDoS attacked by the hacker group. Provinces and local government websites went down for 2 days. These are also the two governments for which elections take place on October the 13th.

United Kingdom

On October 28, 2024, 13 local authorities were targeted by NoName057(16), with additional local authorities targeted on October 30. The first wave of attacks resulted in service disruption for 6 councils, with the second wave disrupting services for 3 councils. [40]

Related Research Articles

<span class="mw-page-title-main">Denial-of-service attack</span> Type of cyber-attack

In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.

<span class="mw-page-title-main">Hacktivism</span> Computer-based activities as a means of protest

Internet activism, hacktivism, or hactivism, is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hacker culture and hacker ethics, its ends are often related to free speech, human rights, or freedom of information movements.

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

<span class="mw-page-title-main">Anonymous (hacker group)</span> Decentralized hacktivist group

Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.

<span class="mw-page-title-main">Cyberattacks during the Russo-Georgian War</span> Series of cyber attacks during Russo-Georgian war in 2008

During the Russo-Georgian War, a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Georgian, Russian and Azerbaijani organisations. The attacks were initiated three weeks before the shooting war began.

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

<span class="mw-page-title-main">Cloudflare</span> American technology company

Cloudflare, Inc. is an American company that provides content delivery network services, cloud cybersecurity, DDoS mitigation, wide area network services, reverse proxies, Domain Name Service, and ICANN-accredited domain registration services. Cloudflare's headquarters are in San Francisco, California. According to W3Techs, Cloudflare is used by more than 19% of the Internet for its web security services, as of 2024.

Anonymous is a decentralised virtual community. They are commonly referred to as an internet-based collective of hacktivists whose goals, like its organization, are decentralized. Anonymous seeks mass awareness and revolution against what the organization perceives as corrupt entities, while attempting to maintain anonymity. Anonymous has had a hacktivist impact. This is a timeline of activities reported to be carried out by the group.

<i>We Are Legion</i> 2012 American film

We Are Legion: The Story of the Hacktivists is a 2012 documentary film about the workings and beliefs of the self-described "hacktivist" collective, Anonymous.

<span class="mw-page-title-main">CyberBerkut</span> Group of pro-Russian hackers

CyberBerkut is a modern organized group of pro-Russian hacktivists. The group became locally known for a series of publicity stunts and distributed denial-of-service (DDoS) attacks on Ukrainian government, and western or Ukrainian corporate websites. By 2018, this group was accused by western intelligence agencies, such as National Cyber Security Centre of being linked to the GRU, providing plausible deniability.

Ghost Security, also known as GhostSec, is a self-described "vigilante" group that was formed to attack ISIS websites that promote Islamic extremism. It is considered an offshoot of the Anonymous hacking collective. According to experts of online jihad activism, the group gained momentum after the Charlie Hebdo shooting in Paris in January 2015. The group claims to have taken down hundreds of ISIS-affiliated websites or social media accounts and thwarted potential terrorist attacks by cooperating with law enforcement and intelligence agencies. The group uses social media hashtags like #GhostSec - #GhostSecurity or #OpISIS to promote its activities.

Ghost Squad Hackers ("GSH") is a hacktivist group responsible for several cyber attacks. Former targets of the group include central banks, Fox News, CNN, the United States Armed Forces and the government of Israel. The group is led by a de facto leader known as s1ege, and selects targets primarily for political reasons. The group forms a part of the hacktivist group Anonymous.

<span class="mw-page-title-main">Russo-Ukrainian cyberwarfare</span> Informatic component of the confrontation between Russia and Ukraine

Cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a Mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.

<span class="mw-page-title-main">Cyber Partisans</span> Belarusian hacktivist group

Cyber Partisans is a Belarusian decentralized anonymous hacktivist collective emerged in September 2020, known for its various cyber attacks against the authoritarian Belarusian government. The group is part of the broader Belarusian opposition movement.

<span class="mw-page-title-main">2022 Ukraine cyberattacks</span> Attack on Ukrainian government and websites

During the prelude to the Russian invasion of Ukraine and the Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.

<span class="mw-page-title-main">IT Army of Ukraine</span> Ukrainian cyberwarfare volunteer group

The IT Army of Ukraine is a volunteer cyberwarfare organisation created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24, 2022. The group also conducts offensive cyberwarfare operations, and Chief of Head of State Special Communications Service of Ukraine Victor Zhora said its enlisted hackers would only attack military targets.

Anonymous, a decentralized international activist and hacktivist collective, has conducted numerous cyber-operations against Russia since February 2022 when the Russian invasion of Ukraine began.

Killnet is a pro-Russia hacker group known for its DoS and DDoS attacks towards government institutions and private companies in several countries during the 2022 Russian invasion of Ukraine. The group is thought to have been formed sometime around March 2022.

<span class="mw-page-title-main">Anonymous Sudan</span> Hacker group active since 2023

Anonymous Sudan is a criminal hacker group that has been active since mid-January 2023. They are alleged to have committed over 35,000 distributed denial-of-service (DDoS) attacks against entire small countries, government agencies, universities, newspapers, hospitals and LGBT sites. While they claim to be doing it for pro-Palestinian ideological reasons, they have attempted to extort money from victims.

References

  1. "NoName057(16) Pro-Russian Hacker Group Targeting Sites in Ukraine and Supporting Countries with DDoS Attacks". NoName057(16) Pro-Russian Hacker Group Targeting Sites in Ukraine and Supporting Countries with DDoS Attacks. Retrieved 2023-01-09.
  2. Hegel, Tom (January 12, 2023). "NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO". SentinelOne. Retrieved October 8, 2024.
  3. 1 2 3 Ylabs (2022-10-13). "Analysis of the Russian-Speaking Threat Actor NoName 057(16)". YLabs. Retrieved 2023-08-14.
  4. 1 2 "NoName05716: The Pro-Russian Hacktivist Group Targeting NATO". SentinelOne Labs. Retrieved 2023-08-14.
  5. "Російські ноунейми пообіцяли помститися ще одному запорізькому сайту". imi.org.ua (in Ukrainian). Retrieved 2022-08-20.
  6. Іванов, Юрій (2022-04-28). ""Оперативній Україні інфо" надійшли погрози від російських хакерів NoName * Оперативна Україна інфо". Оперативна Україна інфо (in Ukrainian). Retrieved 2022-08-17.
  7. "Update 16. 2022 Russia-Ukraine War — Cyber Group Tracker. July 14". July 14, 2022.
  8. "Steve Waterhous". X (formerly Twitter). Retrieved 2023-09-13.
  9. ""Детектор медіа" зазнає DDoS-атаки". imi.org.ua.
  10. ""Одеса.Онлайн"" . Retrieved October 8, 2024.
  11. "DDoS-атаки і дзвінки з погрозами: рашисти залякують журналістів ІА "Конкурент"". konkurent.ua.
  12. "Из-за DDoS-атаки была нарушена торговля билетами на сайте Pasažieru vilciens". Экономика. June 1, 2022.
  13. https://ria.ru/20220627/khakery-1798513241.html
  14. "Кругом одни компбатанты". www.kommersant.ru. July 18, 2022.
  15. https://ria.ru/20220629/ataka-1799137306.html
  16. "Кибергруппы KillNet и NoName057(16) положили интернет-ресурсы Литвы". Anti-Malware.ru. June 22, 2022.
  17. "Three Lithuanian airports under DDOS attacks NoName057(16)". The Cyber Shafarat - Treadstone 71. June 23, 2022.
  18. Moltke, Henrik (January 13, 2023). "Russisk hackergruppe i mail til DR: Vi står bag cyberangreb mod Danmark". dr.dk (in Danish). Retrieved January 13, 2023.
  19. "Angriffe auf offizielle Webseiten". dr.dk (in Danish). Oct 2, 2023. Retrieved January 13, 2023.
  20. "Nyhetsstudio - Hackergruppe: Hevder seier over Norge". Dagbladet.
  21. "Antimedia - Nyheter".
  22. "Таинственные хакеры оптом уничтожают сайты польской армии, силовиков и госведомств". CNews.ru.
  23. "Account Suspended". goodwordnews.com. Retrieved October 8, 2024.
  24. "Govt website comes under cyber attack after Parliament". clickittefaq. Retrieved 2023-04-17.
  25. "Хакеры взломали сайт парламента Финляндии". Interfax.ru. Retrieved 2022-08-24.
  26. "Интернет-сайт финского парламента подвергся атаке хакеров". Новости. August 9, 2022.
  27. "Na web Petra Pavla útočí ruští hackeři. Podobnému útoku stránky kandidáta na prezidenta čelily i ve středu". FORUM 24. Retrieved October 8, 2024.
  28. "x.com" . Retrieved October 8, 2024.
  29. "Russian Group NoName057(16) Attacks Czech Banks and Stock Exchange" [Internet banking and websites of several domestic banks are not working].
  30. Post on NoName057(16) Еng Telegram channel. 2023-08-30
  31. Redazione Ansa (22 February 2023). "Hackers attack websites of Italian firms and institutions". Rome: ANSA. Retrieved 7 March 2023. A series of Italian companies' and institutions' sites are in the cross-hairs of hackers from the pro-Russian collective NoName057, who claimed the action on their Telegram profiles
  32. Longo, Alessandro (6 March 2023). "Gli hacker filorussi di Noname057 hanno attaccato per la seconda volta l'Italia". Il Sole 24 ore (in Italian). Retrieved 7 March 2023.
  33. "Nuovo attacco hacker all'Italia, messo offline il sito del ministero dei Trasporti". la Repubblica. March 22, 2023. Retrieved October 8, 2024.
  34. "Netárásir gerðar á íslenskar vefsíður". www.mbl.is (in Icelandic). Retrieved 2023-05-16.
  35. "Pro-Russische hackers legden websites Nederlandse havens plat". Nederlandse Omroep Stichting (in Dutch). July 14, 2023.
  36. Centrum, Nationaal Cyber Security (2023-08-08). "Nederlandse organisaties doelwit van DDoS-aanvallen - Nieuwsbericht - Nationaal Cyber Security Centrum". www.ncsc.nl (in Dutch). Retrieved 2023-08-14.
  37. "兆豐金彰銀遭網攻、證交所主計總處網站一度當機 親俄駭客宣稱犯案 | 產經". 中央社 CNA. September 12, 2024. Retrieved October 8, 2024.
  38. "駭客組織攻擊台灣網站,政府、財稅單位為首要目標". 台灣電腦網路危機處理暨協調中心. September 13, 2024. Retrieved October 8, 2024.
  39. "Pro-Russian hackers launch DDoS attack over Lai comments: cybersecurity firm - Taipei Times". www.taipeitimes.com. September 10, 2024. Retrieved October 8, 2024.
  40. Jones, Connor (2024-11-01). "UK councils bat away DDoS barrage from pro-Russia keyboard warriors". The Register. Retrieved 2024-11-04.

Commons-logo.svg Media related to Noname057(16) at Wikimedia Commons

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.