DDoS Participation Rises for Pro-Russian Hackers
Category: Threat Actor Activity | Industry: Global | Source: Sekoia
The crowdsourced DDoS (distributed denial of service) attack toolkit called 'DDoSia,' associated with pro-Russia activities, has grown significantly since it was started in March 2022 by the pro-Russian hacking group "NoName057(16)." According to a report from Sekoia, the DDoSia Telegram channel has accumulated a user base of over 10,000 individuals. Since October 2022, the project has supported at least 400 active users. NoName057(16)'s influence, with over 45,000 subscribers on its Telegram, likely aided the project's support, along with monetary compensation for active participants. NoName057 Telegram channels are described as "very active," providing sub-channels for general chat, tutorials, and support, along with a channel proposing desired targets for DDoS.
"They were notably observed conducting DDoS attacks against European, Ukrainian, and U.S. websites of government agencies, media, and private companies. Regularly, the group posts messages claiming successful attacks," said Sekoia. During May and June 2023, the DDoSia tool primarily targeted several countries, including Lithuania, Ukraine, Poland, Italy, the Czech Republic, and Denmark. This trend suggests that the DDoS project specifically focuses on Ukraine and NATO countries, particularly those that have been vocal in their support for Ukraine. "A second group, mostly Western countries, is the secondary DDoSia target, including France, the United Kingdom, Italy, Canada and other EU countries, almost certainly as they supported Ukraine both politically, militarily, and economically since the beginning of the conflict." There doesn't appear to be a specific focus on particular industries, as a range of organizations have been targeted, including entities in education, financial services, transportation, and government.