A global operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group known as NoName057(16) that has been linked to a string of distributed denial-of-service (DDoS) attacks against Ukraine and its allies.
The actions have led to the dismantling of a major part of the group’s central server infrastructure and more than 100 systems across the world. The joint effort also included two arrests in France and Spain, searches of two dozen properties in Spain, Italy, Germany, the Czech Republic, France and Poland, and the issuance of arrest warrants for six Russian nationals.
The effort, codenamed Operation Eastwood, took place between July 14 and 17, and involved authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands, and the United States. The investigation was also supported by Belgium, Canada, Estonia, Denmark, Latvia, Romania and Ukraine.
NoName057(16) has been operational since March 2022, acting as a pro-Kremlin collective that mobilizes ideologically motivated sympathizers on Telegram to launch DDoS attacks against websites using a special program called DDoSia in exchange for a cryptocurrency payment in order to keep them incentivized. It sprang up shortly after Russia’s invasion of Ukraine.
Five individuals from Russia have been added to the E.U. Most Wanted list for allegedly supporting NoName057(16):
- Andrey Muravyov (aka DaZBastaDraw)
- Maxim Nikolaevich Lupin (aka s3rmax)
- Olga Evstratova (aka olechochek, olenka)
- Mihail Evgeyevich Burlakov (aka Ddosator3000, darkklogo)
- Andrej Stanislavovich Avrosimow (aka ponyaska)
“BURLAKOV is suspected of being a central member of the group ‘NoName057(16)’ and as such of having made a significant contribution to performing DDoS attacks on various institutions in Germany and other countries,” according to a description posted on the Most Wanted fugitives site.
“In particular, he is suspected of assuming a leading role within the group under the pseudonym ‘darkklogo’ and in this role of having taken decisions including on the development and further optimisation of software for the strategic identification of targets and for developing the attack software, as well as having executed payments relating to renting illicit servers.”
Evstratova, also believed to be a core member of the group, has been accused of taking on tasks to optimize the DDoSia attack software. Avrosimow has been attributed to 83 cases of computer sabotage.
Europol said officials have reached out to more than 1,000 individuals who are believed to be supporters of the cybercrime network, notifying them of the criminal liability they bear for orchestrating DDoS attacks using automated tools.
“In addition to the activities of the network, estimated at over 4,000 supporters, the group was also able to construct their own botnet made up of several hundred servers, used to increase the attack load,” Europol noted.
“Mimicking game-like dynamics, regular shout-outs, leaderboards, or badges provided volunteers with a sense of status. This gamified manipulation, often targeted at younger offenders, was emotionally reinforced by a narrative of defending Russia or avenging political events.”
In recent years, threat actors have been observed staging a series of attacks aimed at Swedish authorities and bank websites, as well as against 250 companies and institutions in Germany over the course of 14 separate waves since November 2023.
Last July, Spain’s La Guardia Civil arrested three suspected members of the group for taking part in “denial-of-service cyber attacks against public institutions and strategic sectors of Spain and other NATO countries.”
The development comes as Russian hacktivist groups like Z-Pentest, Dark Engine, and Sector 16 are increasingly training their sights on critical infrastructure, going beyond the DDoS attacks and website defacements that are typically associated with ideologically motivated cyber attacks.
“The groups have aligned messaging, coordinated timing, and shared targeting priorities, suggesting deliberate collaboration supporting Russian strategic cyber objectives,” Cyble said.