The cyber threat actor known as NoName057(16) has been observed changing tactics amid the escalating conflict between Ukraine and Russia.
The group has gained notoriety for its involvement in Project DDoSia, an initiative aimed at executing large-scale distributed denial-of-service (DDoS) attacks against entities supporting Ukraine, predominantly NATO member states.
Sekoia.io, a cybersecurity monitoring platform, has been actively tracking the command-and-control (C2) infrastructure of the DDoS tool utilized by NoName057(16). They have observed significant developments in the software shared by the group, including updates enhancing compatibility with different processor architectures and operating systems.
According to an advisory published by the security experts last Friday, the group has also provided tailored versions of the software for users based on their geographical location, with explicit instructions for Russian users to employ a VPN.
The latest iteration of the DDoSia software introduces enhanced encryption mechanisms for data transmission between users and their C2 servers. This reflects a continuous evolution towards more sophisticated techniques. Despite these advancements, the group has reportedly faced challenges in maintaining the stability of its C2 servers, leading to frequent changes and diversification of hosting locations globally.
Analysis of victimology revealed a persistent focus on European targets, with Ukraine remaining the primary target due to ongoing geopolitical tensions. Notably, Finland and Italy have also been heavily impacted, likely due to their NATO affiliations and support for Ukraine. The group’s actions seem intricately linked to geopolitical developments, as evidenced by targeted attacks coinciding with international events.
A significant portion of the impacted entities belong to government-related sectors, indicating a strategic focus on influencing governmental policies. Additionally, the transportation and banking sectors have been targeted, possibly for their economic significance or political relevance.
Despite disruptions to its infrastructure and frequent software changes, NoName057(16) continues to expand its reach and influence, as evidenced by growing membership and collaboration with other hacktivist groups. Sekoia.io anticipates further developments and updates from DDoSia in the near future, highlighting the persistent threat posed by such entities in the cybersecurity landscape.