Ddosia

Threat Actor updated 3 months ago (2024-05-24T02:17:32.606Z)

Download STIX

Preview STIX

Ddosia, a project launched by the pro-Russian hacktivist group NoName057(16), is a significant threat actor that has been facilitating continuous DDoS attacks on government and private organization websites. Initiated in July 2022, the Ddosia project mirrors similar initiatives like the pro-Ukrainian Liberator by disBalancer and the fully automated DDoS bot project by the IT ARMY of Ukraine. The project harnesses the power of politically driven hacktivists who willingly download and install a bot on their computers to launch denial-of-service attacks, primarily targeting Western nations supporting Ukraine amidst Russia's ongoing invasion. The Ddosia project has seen substantial growth since its inception, with NoName057(16) amassing a following of 40,000 members and the Ddosia volunteer botnet project reaching 7,000 members. In an innovative twist, Ddosia has gamified DDoS attacks, offering financial incentives to top contributors of successful denial-of-service attacks. The project allows NoName to commandeer host computers and their internet connections for coordinated DDoS campaigns. As of late 2023, Ddosia's Telegram project had nearly 20,000 users, while NoName057(16)'s channels had surpassed 60,000, doubling since the previous year. Despite its success, Ddosia faces some challenges. The software lacks automated IP address change capabilities, necessitating frequent C2 server changes. While the latest software version improved data transmission, Ddosia admins had to frequently alter the C2 servers in 2024 due to stability issues. However, the group continues to innovate; as recently as November 11, 2023, Project Ddosia expanded processor support to 32-bit and added FreeBSD compatibility, further enhancing its potential impact.

Description last updated: 2024-05-24T02:15:39.239Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Noname057(16)	2	NoName057(16), a threat actor group, has been increasingly active in executing attacks with malicious intent, primarily targeting government websites in Estonia, Lithuania, and Poland. The group's activities have become more news-driven, indicating a strategic shift in their operations. In compariso

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ddos

Botnet

Tool

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Ddosia Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Krebs on Security	3 months ago	Stark Industries Solutions: An Iron Hammer in the Cloud
CERT-EU	6 months ago	12 Months of Fighting Cybercrime & Defending Enterprises \| #cybercrime \| #infosec \| National Cyber Security Consulting
CERT-EU	6 months ago	Project DDoSia - Russian Hackers Planning Massive DDoS Attack \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	6 months ago	Russian Hackers "NoName057(16)" Planning Massive DDoS Attack \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	6 months ago	Hacktivist Collective NoName057(16) Strikes European Targets
CERT-EU	6 months ago	NoName057(16)’s DDoSia project: 2024 updates and behavioural shifts
BankInfoSecurity	8 months ago	Swiss Government Reports Nuisance-Level DDoS Disruptions
CERT-EU	8 months ago	How Russia’s NoName057(16) could be a new model for hacking groups \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	8 months ago	2023 - A Significant Year For Cyber Incidents
CERT-EU	a year ago	Pro-Russian hackers claim attacks on French, Dutch websites
CERT-EU	a year ago	What's in a NoName? Researchers see a lone-wolf DDoS group \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	a year ago	Hacktivism Unveiled, April 2023 Insights Into the Footprints of Hacktivists
CERT-EU	a year ago	Cyber Attacks by Non-State Actors Continue Astride in Europe
CERT-EU	a year ago	Pro-Russian hackers claim attacks on Italian banks
CERT-EU	a year ago	Russian Hacktivism Takes a Toll on Organizations in Ukraine, EU, US
CERT-EU	a year ago	The Continued Expansion of Cyber Incidents by Non-State Actors in the War in Europe
CERT-EU	a year ago	DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
Securityaffairs	a year ago	NoName(057)16's DDoSia Project’s gets an upgrade
CERT-EU	a year ago	Hacktivists With a Pro-Russian Agenda Increase Membership by 2,400% in DDoSia \| IT Security News
CERT-EU	a year ago	Significant growth in pro-Russia DDoSia project membership reported