Loading...

News

NoName057: the pro-Russian Group under the spotlight

The DDoS attacks on Italian institutions and companies highlight a growing threat from the pro-Russian hacktivist group NoName057, which emerged in March 2022. Openly supporting the Russian Federation, the group uses DDoS attacks as tools of propaganda and sabotage against Moscow's geopolitical adversaries, targeting websites of institutions, businesses, and critical infrastructure across Europe.

The pro-Russian group

Table of contents

  • Who are NoName057 
  • How NoName057 operates 
  • Recent actions: Italy in the crosshairs 
  • Connections with other groups and future strategies 
  • The necessary response 

This article explores the hacker group NoName057, analyzing who they are, how they operate, and their recent activities that have alarmed national cyber security authorities. 

DDoS (Distributed Denial of Service) attacks conducted against Italian institutions and companies highlight a growing threat from these pro-Russian hacktivist groups, making it crucial to understand their modus operandi to defend computer systems. 

Who are NoName057 

NoName057, also known as NoName057 DDoS, is a group of pro-Russian activists that emerged in the realm of cyberattacks in March 2022

The group has openly declared its support for the Russian Federation and uses its attacks as tools of propaganda and sabotage against Moscow’s geopolitical adversaries. 

Since their debut, NoName057 has stood out for their frequent use of DDoS attacks, targeting websites of institutions, companies, and critical infrastructure in Europe. 

How NoName057 operates 

The group primarily uses DDoS (Distributed Denial of Service) attacks, which overwhelm the target websites’ servers with massive volumes of traffic generated by botnets. 

These attacks aim to render websites inaccessible, causing disruptions and reputational damage. Recent targets include Italian institutional websites, such as the Guardia di Finanza portal, the Ministry of Labor site, and the Constitutional Court website. 

According to cyber threat intelligence analyses, the group uses underground channels to coordinate operations and disseminate target lists, often providing real-time updates on the effectiveness of their attacks. 

Recent actions: Italy in the crosshairs 

In recent days, NoName057 has intensified its activities, targeting several Italian institutions for the second consecutive day. Among the targets were the websites of the ports of Trieste and Taranto, the Air Force, the Navy, the National Recovery and Resilience Plan (PNRR) portal, several banks like BPER, and even the High Council of the Judiciary.

These attacks were claimed by the group through their communication channels and confirmed by cyber threat intelligence sources

Some of the most affected websites include: 

  • concorsi.gdf.gov.it 
  • www.aeronautica.difesa.it 
  • www.bper.it 
  • www.mimit.gov.it 

Currently, many of these sites remain offline, demonstrating the effectiveness of the attacks and the challenges in managing national cyber security

The pro-Russian group

Connections with other groups and future strategies 

NoName057 appears to collaborate with other hacker groups and has recently launched a platform called DDosia, allowing affiliated individuals to actively participate in attacks in exchange for rewards.

This evolution in their operational model underscores a well-structured strategy to expand their reach and amplify the impact of their actions. 

The necessary response 

The recent attacks have raised questions about the preparedness level of Italian infrastructures, particularly in light of the new NIS2 directives. While formal security measures seem to be in place, actions by groups like NoName057 show that much work remains to be done to prevent such incidents.

The adoption of advanced monitoring tools and the implementation of mitigation measures must become priorities across all sectors. 


Questions and answers 

  1. Who are NoName057?
    A group of pro-Russian hackers known for conducting DDoS attacks against institutional and corporate websites. 
  2. What does NoName057 DDoS mean?
    It refers to the group’s main strategy, namely DDoS (Distributed Denial of Service) attacks. 
  3. When did they first appear?
    The group has been active since March 2022, with actions aimed at supporting the Russian Federation. 
  4. What are their main targets?
    Institutions, critical infrastructure, and companies in countries opposing Russia. 
  5. What is their connection with other collectives?
    They collaborate with other activist groups, using platforms like DDosia to expand their operations. 
  6. Which Italian institutions have they recently targeted?
    Portals such as those of the Guardia di Finanza, Ministry of Labor, and Air Force. 
  7. What is a DDoS attack?
    A cyberattack that overwhelms a site or network, rendering it inaccessible. 
  8. What are underground channels?
    Online platforms used by NoName057 to plan attacks and share information. 
  9. Why are they considered a threat?
    Due to their ability to target strategic objectives and cause significant disruptions. 
  10. What is the impact of the NIS2 directives?
    The directives aim to improve infrastructure security, but recent attacks highlight gaps that need to be addressed. 
To top