Share this article on:
The war in Ukraine has seen an increase in hacking and cyber crime all over the globe, but nowhere has it been more prevalent than against those countries explicitly opposing the Russian-instigated conflict.
Though its disruptions have largely been at a more nuisance level, NoName057(16) is one of many pro-Russian groups in operation at the moment and its operations are typical of such nationalist-motivated actors.
The group has been operating since March of 2022 and hit a peak of popularity on its public Telegram channel in July of the same year.
In fact, it seems that NoName057(16) is just as concerned about promoting itself, its actions, and Russian interests as it is in the DDOS operations it sustains.
The group first targeted Ukrainian news sites but has since branched out into other countries, and a wider range of political targets.
“Organisations targeted are commonly critical infrastructure sectors whose operations are vital to the target nation,” says researcher Tom Hegel of cyber security outfit SentinelOne.
After the Sejm of the Republic of Poland recognised Russia as a sponsor of terrorism in December, NoName057(16) targeted the political body in that same month. In January, the group began targeting Lithuanian shipping operations and a number of banks in Denmark, briefly taking websites offline.
NoName057(16) also attempted to disrupt the 13–14 January Czech presidential election. The websites of various candidates and the Ministry of Foreign Affairs were all targeted by DDOS attacks.
While the group has been known to use the Bobik botnet for its DDOS operations, it largely relies on volunteers using its own suite of tools, which until recently were available on GitHub. DDOSIA, NoName057(16)’s own in-house software, comes in two versions — one written in Python and the other in Google’s GoLang.
Both tools keep a remarkably detailed set of statistics, which is related to the group’s use of volunteer operators. Using this, NoName057(16) can pay top operators in crypto, adding more processing firepower to the group’s operations.
Both versions of the group’s DDOS tools have since been removed from GitHub.
According to SentinelOne, while the group’s DDOS operations only lead to brief disruptions, the group prizes its successes more as propaganda wins rather than as any substantial disruption. Alongside posting its exploits on Telegram, NoName057(16) also posts pro-Russian memes and other social content.
“Did any of us know at the start of the year that something like this would happen?” the group’s New Year’s post reads. “Did we, ordinary programmers and difficult guys from the darknet, know that we would need to go to the real and digital frontiers? Did anyone know that the issues of protecting the Motherland and the re-education of the "civilized”[sic]. world would be carried out by us as well? No. No one knew.”
As stated earlier, NoName057(16) posts hit peak popularity in the middle of last year, but as other groups have come to light — and with more success — this one’s popularity has waned considerably, however it is clearly still active.
Clearly, NoName057(16) is not interested in profit, though it does pay its volunteers. Nationalism is the group’s main motivator, so a lack of success is not likely to slow down its operations.
As the war goes on, we expect to hear a lot more from NoName057(16) — even if fewer people are listening.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.