NoName057 Threat Actor Profile

Since the onset of Russia’s invasion of Ukraine in 2022, several Kremlin-aligned “nationalist hacktivists” have emerged by leveraging cyberwarfare as a means of escalating national security confrontations between Kyiv and Moscow.

Predominantly amongst these threat actor personas is the NoName057(16) hacktivist collective, with its main mode of offensive operation being that of distributed denial-of-service (DDoS) attacks against various high-profile assets belonging to North Atlantic Treaty Organisation (NATO) member states based on their support for Ukraine, with a particular emphasis on government entities, financial companies, and transport hubs.

A defining feature of the NoName057 collective amongst additional pro-Russian hacktivists is the use of crowdsourcing, a method of increasing the potency of offensive efforts that was initially leveraged by the IT Army of Ukraine. Within the context of the ongoing Russia-Ukraine conflict, the group is positioning itself as pro-Moscow.

NoName057(16) often claims responsibility for their attacks through their Telegram channel and justifies their actions based on geopolitical events surrounding NATO countries supporting Ukraine. Prior to launching DDoS campaigns, the collective often discloses its target set on its Telegram channel with an accompanying accusation against the target nation, thus providing motivation for its upcoming offensive efforts.