Threat Insight

Takedown of Large Pro-Russian DDoS Group


Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the hacktivist network NoName057(16). Law enforcement and judicial authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands and the United States took simultaneous actions against offenders and infrastructure belonging to the pro-Russian cybercrime network.

The actions led to the disruption of an attack infrastructure consisting of over one hundred computer systems worldwide, while a major part of the group’s central server infrastructure was taken offline. Germany issued six warrants for the arrest of offenders living in the Russian Federation. Two of these persons are accused of being the main instigators responsible for the activities of “NoName057(16)”.

Assessment

NoName057(16) has long been a hub for pro-Russian DDoS attacks. The group has offered bounties and cash prizes to people who used its attack infrastructure to direct DDoS attacks against targets assigned by NoName057(16).

Since the takedown of NoName057(16), there have been reports of an increase in activity among smaller pro-Russian DDoS brands. There are also reports of some infighting among other pro-Russian hacktivists. It is likely that different pro-Russian groups are now jockeying for position to be the leaders.

It’s also possible that individuals who previously conducted DDoS attacks under the NoName057(16) brand in order to win the offered cash bounties are now using their own personal brands instead.

Even if the disruption of NoName057(16) may temporarily lead to fewer DDoS attacks, the intensity and sophistication of DDoS attacks overall are assessed to continue to increase. If your organization depends on a continuous internet connection for vital services, where an interruption of availability for some hours will directly impact your business, it is recommended that you have proper DDoS protection for those services. It’s also recommended that you revisit your DDoS defense posture at least annually to ensure your protection is up to date with current threats.

References

[1] https://www.europol.europa.eu/media-press/newsroom/news/global-operation-targets-noname05716-pro-russian-cybercrime-network