The pro-Russia hacktivist group commonly known as NoName057(16) has recently begun new attacks against organizations and businesses across Poland, Lithuania and other countries. Most recently, the group started targeting the websites of the Czech presidential election candidates.
According to SentinelOne, which discovered the new campaigns, the group conducted them using public Telegram channels, a volunteer-driven distributed denial of service (DDoS) payment program, a multi-OS supported toolkit and GitHub.
“The group has also made use of GitHub to host a variety of illicit activity,” wrote Tom Hegel, a senior threat researcher at SentinelOne.
“This includes using GitHub Pages for freely hosting their DDoS tool website […] and the associated GitHub repositories for hosting the latest version of their tools as advertised in the Telegram channel.”
In this regard, SentinelOne said it reported the abuse to the GitHub Trust & Safety team, which took action and removed the malicious accounts.
In terms of the motivations behind the NoName057(16) group, the security researchers determined the hackers are primarily focused on disrupting websites of nations critical of Russia’s invasion of Ukraine.
“Initial attacks focused on Ukrainian news websites, while later shifting to NATO-associated targets,” Hegel explained.
“For example, the first disruption the group claimed responsibility for were the March 2022 DDoS attacks on Ukraine news and media websites Zaxid, Fakty UA, and others. Overall the motivations focus on silencing what the group deems to be anti-Russian.”
Hegel also clarified that, from a technical standpoint, NoName057(16) is not particularly sophisticated. Nonetheless, the group can affect service availability, even if usually short-lived.
“What this group represents is an increased interest in volunteer-fueled attacks while now adding in payments to its most impactful contributors,” added the security expert. “We expect such groups to continue to thrive in today’s highly contentious political climate.”
A list of Indicators of Compromise (IoC) regarding NoName057(16) is available in the SentinelOne advisory.
Its publication comes days after security firm Lupovis revealed that separate groups of Russian hackers are using their presence inside the networks of organizations in several countries to launch attacks against Ukraine.