Noname057(16)

NoName057(16), a threat actor group, has been increasingly active in executing attacks with malicious intent, primarily targeting government websites in Estonia, Lithuania, and Poland. The group's activities have become more news-driven, indicating a strategic shift in their operations. In comparison to other hacktivist groups like Killnet, NoName057(16) has been significantly more active, launching 544 attacks during a recent period as opposed to Killnet's 11. The Canadian government has issued an alert on NoName057(16)'s activities, advising organizations to consider third-party DDoS solutions to manage the nuisance activity and prevent significant malicious actions. The threat actor group has seen an exponential growth of 2,400% since its emergence last summer, with more than 10,000 threat actors becoming active members of NoName057(16)'s crowdsourced DDoSia platform. This pro-Russian hacktivist operation communicates via Telegram channels, one in Russian and another in English, boasting over 45,000 subscribers. Despite causing short-lived disruptions, according to cybersecurity firm SentinelOne, the group's DDoS incidents have had little to no wider consequences. NoName057(16) is continuously developing its capabilities, making efforts to make their malware compatible with multiple operating systems. This reflects their intention to target a broader set of victims by making their malware accessible to a large number of users. Analysts at Sekoia.io predict that the group will continue to strengthen the security of their software, driven by their active community and increasing scrutiny from the CTI community. As such, it is crucial for organizations to stay updated with the latest cybersecurity threats and emerging trends to effectively counteract these potential risks.