Noname057(16)

Threat Actor Profile Updated 2 months ago
Download STIX
Preview STIX
NoName057(16), a threat actor group, has been increasingly active in executing attacks with malicious intent, primarily targeting government websites in Estonia, Lithuania, and Poland. The group's activities have become more news-driven, indicating a strategic shift in their operations. In comparison to other hacktivist groups like Killnet, NoName057(16) has been significantly more active, launching 544 attacks during a recent period as opposed to Killnet's 11. The Canadian government has issued an alert on NoName057(16)'s activities, advising organizations to consider third-party DDoS solutions to manage the nuisance activity and prevent significant malicious actions. The threat actor group has seen an exponential growth of 2,400% since its emergence last summer, with more than 10,000 threat actors becoming active members of NoName057(16)'s crowdsourced DDoSia platform. This pro-Russian hacktivist operation communicates via Telegram channels, one in Russian and another in English, boasting over 45,000 subscribers. Despite causing short-lived disruptions, according to cybersecurity firm SentinelOne, the group's DDoS incidents have had little to no wider consequences. NoName057(16) is continuously developing its capabilities, making efforts to make their malware compatible with multiple operating systems. This reflects their intention to target a broader set of victims by making their malware accessible to a large number of users. Analysts at Sekoia.io predict that the group will continue to strengthen the security of their software, driven by their active community and increasing scrutiny from the CTI community. As such, it is crucial for organizations to stay updated with the latest cybersecurity threats and emerging trends to effectively counteract these potential risks.
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Ddosia
2
Ddosia, a project launched by the pro-Russian hacktivist group NoName057(16), is a significant threat actor that has been facilitating continuous DDoS attacks on government and private organization websites. Initiated in July 2022, the Ddosia project mirrors similar initiatives like the pro-Ukrainia
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telegram
Ddos
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
KillNetUnspecified
1
Killnet is a pro-Russian threat actor group that has been linked to a series of disruptive cyberattacks, particularly targeting governments and organizations that have expressed support for Ukraine. The group's activities gained prominence after Russia was banned from the 2022 FIFA World Cup due to
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Noname057(16) Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
6 months ago
How Russia’s NoName057(16) could be a new model for hacking groups | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
a year ago
Significant growth in pro-Russia DDoSia project membership reported
CERT-EU
a year ago
Top 15 most active political and religious hacktivists groups revealed
CERT-EU
a year ago
Pro-Russian hackers claim attacks on Italian banks
Securityaffairs
a year ago
NoName(057)16's DDoSia Project’s gets an upgrade
CERT-EU
a year ago
Pro-Russian hackers claim attacks on French, Dutch websites
CERT-EU
10 months ago
Canadian Government Targeted With DDoS Attacks by Pro-Russia Group
CERT-EU
a year ago
Russian Hacktivist Platform 'DDoSia' Grows Exponentially