Home / Threat Actors / NoName057 Threat Actor Profile

Overview

Since the onset of Russia’s invasion of Ukraine in 2022, several Kremlin-aligned “nationalist hacktivists” have emerged by leveraging cyberwarfare as a means of escalating national security confrontations between Kyiv and Moscow.

Predominantly amongst these threat actor personas is the NoName057(16) hacktivist collective, with its main mode of offensive operation being that of distributed denial-of-service (DDoS) attacks against various high-profile assets belonging to North Atlantic Treaty Organisation (NATO) member states based on their support for Ukraine, with a particular emphasis on government entities, financial companies, and transport hubs.

A defining feature of the NoName057 collective amongst additional pro-Russian hacktivists is the use of crowdsourcing, a method of increasing the potency of offensive efforts that was initially leveraged by the IT Army of Ukraine. Within the context of the ongoing Russia-Ukraine conflict, the group is positioning itself as pro-Moscow.

NoName057(16) often claims responsibility for their attacks through their Telegram channel and justifies their actions based on geopolitical events surrounding NATO countries supporting Ukraine. Prior to launching DDoS campaigns, the collective often discloses its target set on its Telegram channel with an accompanying accusation against the target nation, thus providing motivation for its upcoming offensive efforts.

Threat Actor Aliases

Aliases of the NoName057(016) hacktivist collective includes “DDoSia”, based on the group’s DDoS attack toolkit of the same name, developed and utilised by the hacktivist threat actor against nations that have criticised Moscow’s offensive against Kyiv.

Targeting Profile

TARGETED INDUSTRY SECTORS

We have detected NoName057(16) routinely launching DDoS attacks against various high-profile organisations within NATO member states, with a particular emphasis on government entities, financial companies, and transport hubs such as airports. Less frequent targets include organisations operating within the healthcare and energy industry verticals.

TARGETED REGIONS

The vast majority of NoName057(16) DDoS operations are targeted against NATO member states, an offensive profile that we have assessed to be almost certainly aligned with the alliance supporting Ukraine amidst the ongoing Russian invasion.

Figure 1: NATO member state targeting profile of NoName057(16) DDoS operations.

Threat Actor Motivations

The Moscow-aligned NoName057(16) hacktivist unit justifies their operations based on geopolitical events surrounding NATO countries supporting Ukraine. Prior to launching DDoS campaigns, the collective often discloses its target set on its Telegram channel with an accompanying accusation against the target nation, thus providing motivation for its upcoming offensive efforts.

The Quorum Cyber Threat Intelligence team provides threat actor profiles so that you can better understand cybercriminals’ tactics, techniques, and procedures (TTPs).

Download your NoName057 report to read more details today.