Ddosia

Threat Actor updated a year ago (2024-11-29T13:57:45.685Z)

Download STIX

Preview STIX

DDosia is a threat actor group that has been actively involved in executing Distributed Denial of Service (DDoS) attacks against government and private organization websites, primarily targeting Western nations supporting Ukraine amidst the ongoing Russian invasion. In July 2022, DDoSia launched a crowdsourced botnet project named "DDOSIA," which mirrors other politically motivated initiatives such as the pro-Ukrainian Liberator by disBalancer and the fully automated DDoS bot project by the IT ARMY of Ukraine. The DDOSIA project uses hacktivists who voluntarily download and install a bot on their computers to launch denial-of-service attacks. NoName057(16), a pro-Russian hacktivist group unaffiliated with Killnet, generated a following of 40,000 members, and its DDosia volunteer botnet project gained 7,000 members. The DDOSIA project stands out by offering financial incentives to top contributors of successful denial-of-service attacks, effectively gamifying DDoS attacks. The Russian group has used every attack capability of the DDosia botnet, employing a wide range of direct-path attack vectors against multiple targets. The latest iteration of the DDoSia software introduced enhanced encryption for data flows between users and their command-and-control (C2) servers, aiming to improve infrastructure stability. Despite these advancements, the DDoSia system faced stability challenges due to frequent changes in C2 servers in 2024. As per Radware's research, NoName has successfully recruited hacktivists via its Telegram channel and offered to pay people willing to install the DDoSia software. The DDoSia’s Telegram project has nearly 20,000 users, while NoName057(16) channels have surpassed 60,000, doubling since 2023. Although DDoSia likely uses its servers to participate actively in attacks, it lacks automated IP address change despite frequent C2 changes. The Sekoia report noted that while the latest software version improved data transmission, DDoSia admins continued to change the C2 servers frequently in 2024.

Description last updated: 2024-11-04T11:02:24.392Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Project Ddosia is a possible alias for Ddosia. Project DDoSia, orchestrated by the Russian hacker group "NoName057(16)", has been identified as a significant threat actor in the cybersecurity landscape. The group's activities have increased since the onset of the Ukraine conflict, with a specific focus on executing massive Distributed Denial-of-	2
Noname057(16) is a possible alias for Ddosia. NoName057(16), a threat actor group, has been increasingly active in executing attacks with malicious intent, primarily targeting government websites in Estonia, Lithuania, and Poland. The group's activities have become more news-driven, indicating a strategic shift in their operations. In compariso	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ddos

Botnet

Tool

Russia

Hacktivist

Bot

Encryption

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Ddosia Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Recorded Future	2 months ago	Inside DDoSia: NoName057(16)’s Pro-Russian DDoS Campaign Infrastructure
InfoSecurity-magazine	4 months ago	DDoS Attacks on Financial Sector Surge in Scale and Sophistication
Recorded Future	6 months ago	How Threat Intelligence Enhances Security Spending Efficiency
InfoSecurity-magazine	a year ago	UK Council Sites Recover Following Russian DDoS Blitz
DARKReading	a year ago	Russia-Linked Hacktivists Attack Japan's Govt, Ports
Krebs on Security	a year ago	Stark Industries Solutions: An Iron Hammer in the Cloud
CERT-EU	2 years ago	12 Months of Fighting Cybercrime & Defending Enterprises \| #cybercrime \| #infosec \| National Cyber Security Consulting
CERT-EU	2 years ago	Project DDoSia - Russian Hackers Planning Massive DDoS Attack \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	2 years ago	Russian Hackers "NoName057(16)" Planning Massive DDoS Attack \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	2 years ago	Hacktivist Collective NoName057(16) Strikes European Targets
CERT-EU	2 years ago	NoName057(16)’s DDoSia project: 2024 updates and behavioural shifts
BankInfoSecurity	2 years ago	Swiss Government Reports Nuisance-Level DDoS Disruptions
CERT-EU	2 years ago	How Russia’s NoName057(16) could be a new model for hacking groups \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	2 years ago	2023 - A Significant Year For Cyber Incidents
CERT-EU	2 years ago	Pro-Russian hackers claim attacks on French, Dutch websites
CERT-EU	2 years ago	What's in a NoName? Researchers see a lone-wolf DDoS group \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	2 years ago	Hacktivism Unveiled, April 2023 Insights Into the Footprints of Hacktivists
CERT-EU	2 years ago	Cyber Attacks by Non-State Actors Continue Astride in Europe
CERT-EU	2 years ago	Pro-Russian hackers claim attacks on Italian banks
CERT-EU	2 years ago	Russian Hacktivism Takes a Toll on Organizations in Ukraine, EU, US