The pro-Russia hacktivist group often known as NoName057(16) has recently begun new attacks against organizations and companies across Poland, Lithuania and other countries. Most recently, the group started targeting the websites of the Czech presidential election candidates.
According to SentinelOne, which discovered the new campaigns, the group carried them out using public Telegram channels, a volunteer-driven distributed denial of service (DDoS) payment program, a multi-OS supported toolkit and GitHub.
“The group has also made use of GitHub to host a wide range of illicit activity,” wrote Tom Hegel, a senior threat researcher at SentinelOne.
“This includes using GitHub Pages for freely hosting their DDoS tool website […] and the associated GitHub repositories for hosting the latest version of their tools as advertised in the Telegram channel.”
In this regard, SentinelOne said it reported the abuse to the GitHub Trust & Safety team, which took action and removed the malicious accounts.
In terms of the motivations behind the NoName057(16) group, the security researchers determined the hackers are primarily focused on disrupting websites of nations critical of Russia’s invasion of Ukraine.
“Initial attacks focused on Ukrainian news websites, while later shifting to NATO-associated targets,” Hegel explained.
“For example, the first disruption the group claimed responsibility for were the March 2022 DDoS attacks on Ukraine news and media websites Zaxid, Fakty UA, and others. Overall the motivations center on silencing what the group deems to be anti-Russian.”
Hegel also clarified that, from a technical standpoint, NoName057(16) is not particularly sophisticated. Nonetheless, the group can affect service availability, even if generally short-lived.
“What this group represents is an increased interest in volunteer-fueled attacks while now adding in payments to its most impactful contributors,” added the security expert. “We anticipate such groups to continue to thrive in today’s highly contentious political climate.”
A list of Indicators of Compromise (IoC) relating to NoName057(16) is available in the SentinelOne advisory.
Its publication comes days after security firm Lupovis revealed that separate groups of Russian hackers are using their presence inside the networks of organizations in several countries to launch attacks against Ukraine.