Now, NoName057(16) targets any nation that expresses support for Ukraine, focusing entirely on government websites, banks, and energy providers. While other groups have come and gone, NoName057(16) has been consistent in its activities for the past 18 months, conducting at least one DDoS attack per day. The group rarely deviates from its systematic attack procedure, which is often linked to the news cycle, but when it does, the deviation is reactive. For example, on December 15, 2022, the group carried out a DDoS attack on the Polish Parliament website after Poland recognized Russia as a state sponsor of terrorism.
The group's modus operandi appears to comprise three components: disinformation, intimidation, and chaos creation. The disinformation component is evidenced by the continual attacks against numerous Ukrainian media sources. The intimidation component consists of repeated attacks against the same target. As NoName057(16) puts it: "repetition is the mother of learning." Finally, chaos creation is evidenced by the 70-plus DDoS attacks against Spain during the weeks before and immediately after the country's general election in July 2023. Similar events took place leading up to the Czech presidential election in January and the Polish parliamentary elections in October.
NoName057(16) has no enigmatic leader, and there is no evidence of who financially sponsors the group or whether it has government links. It is characterized by its military-like discipline and the calculated, repetitive nature of its attacks. The group is far more rigorous in its target reconnaissance than any other pro-Russian hacktivist group. It also publishes proof of the global unavailability of the targeted websites on the CheckHost website, most likely to boost its own ego.
What is also distinctive about the group is its technical targeting process, which relies entirely on volunteers to carry out its DDoS operations. A target list is updated daily and distributed by the group's administrators via encrypted C2 servers. The execution of the attacks therefore depends on a group of Russian sympathizers who volunteer their personal devices and who are paid in cryptocurrency for their participation. Many questions remain about who is responsible for choosing the targets and uploading the list, but there is a strong possibility that a core group of individuals makes these executive decisions. Also peculiar is that, unlike any other hacking group in the Russo-Ukrainian conflict, NoName057(16) does not restrict its user base and is willing to mix ideology with financial incentives to recruit individuals to join its efforts.
How NoName057(16) brands itself
NoName057(16) launched its crowdsourced botnet, DDoSia, in July 2022. To make the attack toolkit more accessible, it also has a Telegram channel in both Russian and English for instructions and support. Its toolkit was also hosted on GitHub until recently, but it has since been taken down, which is curious given the amount of illicit content that continues to be available on the site.
A parallel can be drawn between the cyber operations of NoName057(16) and the IT Army of Ukraine, which also has a fully automated DDoS bot that targets Russian organizations. What sets NoName057(16) apart is its built-in payment platform, which is difficult to trace because the group uses the open-source cryptocurrency TON for payouts. Experts from Radware, a cybersecurity provider, claim it's "mainly untraceable."