Tracking NoName057(16), Another Pro-Russian Group
Category: Critical Infrastructure Security | Industries: Critical Infrastructure, Financial, Government | Level: Strategic | Source: SentinelOne
Pro-Russia hacktivist group NoName057(16), has been an underreported but very active, threat group since the start of the Russian and Ukraine war. Researchers from SentinelOne detailed in their latest report the attacks launched by NoName057(16) have primarily involved using DDoS or web attacks to disrupt operations in nations supporting Ukraine much like another pro-Russian hacktivist group, Killnet. NoName057(16) is linked to attacks against several NATO entities since March 2022, with their most recent attacks against a Polish government website and a leading financial institution in Denmark. Verticals targeted include organizations in critical infrastructure, government agencies, and most notably financial institutions.
Analysis from SentinelOne identified the group organizes their operations through a Telegram channel "to claim responsibility for their attacks, mock targets, make threats, and generally justify their actions as a group. Interestingly, NoName057(16) makes attempts to teach their followers through educational content such as explaining basic industry jargon and attack concepts." NoName057(16) operators have often incentivized their followers with financial compensation by providing cryptocurrency payments for its top DDoS contributors. Recently, GitHub has deactivated accounts utilized by a pro-Russian hacktivist group, 'NoName057(16)' to host distributed denial of service (DDoS) tools and other malicious files.