Now, NoName057(16) targets any nation that expresses support for Ukraine, focusing entirely on government websites, banks, and energy providers. While other groups have come and gone, NoName057(16) has been consistent in its activity for the past 18 months, conducting at least one DDoS attack per day. The group rarely deviates from its systematic attack process, which is usually linked to the news cycle, but when it does, it is reactive. For example, on December 15, 2022, the group carried out a DDoS attack on the Polish Parliament website after Poland recognized Russia as a state sponsor of terrorism.
The group’s modus operandi appears to comprise three components: disinformation, intimidation, and chaos creation. The disinformation component is evidenced by the continual attacks against numerous Ukrainian media sources. The intimidation component consists of repeated attacks against the same target. As NoName057(16) puts it: “repetition is the mother of learning.” Finally, chaos creation is evidenced by the 70-plus DDoS attacks against Spain during the weeks prior to and immediately after the country’s general election in July 2023. Similar events took place leading up to the Czech presidential election in January and the Polish parliamentary elections in October.
NoName057(16) has no enigmatic leader, and there is no evidence of who financially sponsors the group or whether it has government links. It is characterized by its military-like discipline and the calculated, repetitive nature of its attacks. The group is far more rigorous in its target reconnaissance than any other pro-Russian hacktivist group. It also publishes proof of the worldwide unavailability of the targeted websites on the CheckHost website, probably to boost its own ego.
What is also unique about the group is its technical targeting process, which is entirely reliant on volunteers to carry out its DDoS operations. A target list is updated daily and is distributed by the group administrators via encrypted C2 servers. The execution of the attacks, therefore, relies on a group of Russian sympathizers who volunteer their personal devices and who are paid in cryptocurrency for their participation. Many questions remain regarding who is responsible for choosing the targets and uploading the list, but there is a strong possibility that a core group of individuals makes these executive decisions. Also peculiar is that, unlike any other hacking group in the Russo-Ukrainian conflict, NoName057(16) does not restrict its user base and is willing to mix ideology with financial incentives to recruit individuals to join its efforts.
How NoName057(16) brands itself
NoName057(16) launched its crowdsourced botnet, DDoSia, in July 2022. To make the attack toolkit more accessible, it also has a Telegram channel in both Russian and English for instructions and support. Its toolkit was also hosted on GitHub until recently, but it has since been taken down, which is curious given the amount of illicit content that remains available on the website.
A parallel can be drawn between the cyber operations of NoName057(16) and the IT Army of Ukraine, which also has a fully automated DDoS bot that targets Russian organizations. What sets NoName057(16) apart is its integrated payment platform, which is hard to track because the group uses the open-source cryptocurrency TON for payouts. Experts from Radware, a cybersecurity provider, claim it’s “mainly untraceable.”