Noname

Threat Actor updated 22 days ago (2024-11-29T14:50:26.540Z)

Download STIX

Preview STIX

NoName, also known as CosmicBeetle, is a pro-Russia threat actor group that has been active since at least 2020. The group is notorious for exploiting years-old vulnerabilities in systems, particularly those of small and medium-sized businesses, which have often left these flaws unpatched. They have a history of using these vulnerabilities to launch attacks globally, including the exploitation of a flaw in Veeam Backup (CVE-2023-27532) and a 2022 flaw in FortiOS SSL-VPN (CVE-2022-42475). NoName's operations are marked by their use of custom ransomware, cryptor malware tracked as ScRansom, and their initial attempts to infect systems, as seen in a June hacking incident at an unnamed Indian manufacturing company. In September 2023, NoName escalated their activities by setting up a dedicated leak site (DLS) on Tor, dubbed NONAME. This move was mirrored when they registered the domain lockbitblog[.]info, adopting a similar approach but incorporating the LockBit logo. Researchers discovered that NoName had been experimenting with LockBit's leaked builder, even creating a counterfeit leak site that mimicked LockBit's platform. This fake site hosted ransom notes and attempted to convince victims that they had been targeted by the infamous LockBit group. The group gained significant attention following a DDoS attack on Canadian airports, causing severe disruptions. This event highlighted NoName's capacity to cause substantial real-world harm. More recently, researchers from Eset have suggested with medium confidence that NoName has allied with RansomHub, further expanding their potential threat landscape. As such, NoName represents a considerable ongoing cybersecurity risk, particularly for organizations with unpatched system vulnerabilities.

Description last updated: 2024-10-17T11:46:38.189Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Cosmicbeetle is a possible alias for Noname. CosmicBeetle, also known as NoName, is a threat actor that has been active since 2020. ESET researchers have recently published an in-depth analysis of this cybercrime group's activities. Despite the crude and clumsy nature of its operations, CosmicBeetle has managed to compromise various targets wo	2
Lockbit is a possible alias for Noname. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Ddos

Exploit

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Noname Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	6 months ago	A cyberattack shutdown the University Hospital Centre Zagreb in Croatia
DARKReading	6 months ago	Akamai Completes Acquisition of API Security Company Noname
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	6 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	5 months ago	security-affairs-malware-newsletter-round-5
BankInfoSecurity	3 months ago	Breach Roundup: Mexico in Hacker Spotlight
BankInfoSecurity	3 months ago	NoName Apparently Allies With RansomHub Operation
ESET	3 months ago	CosmicBeetle steps up: Probation period at RansomHub
BankInfoSecurity	4 months ago	A Tangled Web We Weave: When Reported M&A Never Materializes
CERT-EU	10 months ago	NoName Ransomware Claims Cyberattack On Denmark \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	10 months ago	Noname Security joins top-tier firms on coveted CRN 2024 Security 100 list
CERT-EU	a year ago	Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos
CERT-EU	a year ago	Against the backdrop of Zelensky's visit to Davos, hackers associated with Russia attacked Switzerland \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	a year ago	NoName Ransomware Attack On Ukraine Targets 6 Govt Sites \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	a year ago	Russian Hacktivism Takes a Toll on Organizations in Ukraine, EU, US
CERT-EU	a year ago	Survey Sees More Cyberattacks Targeting APIs