Pro-Russian hacktivist group NoName057(16) has conducted a sweeping distributed denial-of-service (DDoS) campaign, compromising over 3,700 unique internet-facing hosts in just thirteen months according to recent findings by Insikt Group.
These cyberattacks predominantly targeted government and public sector entities across European nations that have opposed Russia’s ongoing invasion of Ukraine, underlining the intensifying nature of hybrid and asymmetric cyber warfare on the continent.
Pro-Russian Hacktivists
Emerging in March 2022 shortly after the escalation of conflict in Ukraine, NoName057(16) swiftly established itself as a persistent threat actor, leveraging a strategically coordinated volunteer-driven DDoS platform known as “DDoSia.”
The collective’s operational tempo has been remarkably high, with analysis indicating an average of 50 distinct target hosts attacked daily, and activity surging in response to shifts in the geopolitical and military landscape.
A notable concentration of attacks was directed at Ukrainian organizations (29.5% of observed activity), with France, Italy, and Sweden also significantly affected demonstrating a clear correlation between targeting and each nation’s political stance regarding the Russian-Ukrainian conflict.
By industry, government and public sector entities bore the brunt of the campaign, accounting for 41% of all attacks, followed by the transportation, logistics, and technology sectors.
Technical analysis by Insikt Group, utilizing Recorded Future Network Intelligence, revealed the underlying sophistication of NoName057(16)’s attack infrastructure. The group maintains a multi-tiered command-and-control (C2) architecture.
Tier 1 C2 servers are rapidly rotated averaging a nine-day lifespan to evade detection and takedowns.
These servers are allowed exclusive connectivity to more covert Tier 2 C2 assets, which remain shielded by access control lists, bolstering the reliability and persistence of the group’s DDoS operations.
Detailed pattern-of-life analysis further suggests that operational routines align with Russian business hours, supporting assertions of a Russia-based nexus and strong alignment with Kremlin interests.
Sophisticated Multi-Tier C2 Network
The DDoSia platform is central to NoName057(16)’s campaign and encompasses a Go-based DDoS client tool distributed to a large pool of online volunteers.
Participants register via Telegram and receive unique User Hash credentials, enabling them to download encrypted target lists and contribute attack traffic in coordinated waves.
Volunteers require minimal technical expertise, rendering the group capable of mobilizing disruptive force quickly and effectively.
Despite mounting law enforcement attention including Operation Eastwood, which, in mid-July 2025, resulted in arrests, warrants, and property searches across several European nations NoName057(16) appears undeterred.
The hacktivist group’s continued propaganda on Telegram and unwavering operational tempo highlight the challenge facing defenders and law enforcement.
While short-term mitigations, such as layered DDoS protections, web application firewalls, IP blocking, and rate limiting, are recommended, Insikt Group emphasizes that the threat is likely to remain persistent amid ongoing geopolitical friction.
The campaign underscores a broader dilemma for organizations in NATO-aligned countries: DDoS attacks, hacktivist activity, and hybrid warfare are now staple features of modern conflict, deliberately designed to destabilize critical infrastructure while remaining beneath the threshold of conventional war.
Security leaders are urged to combine robust technical defenses with enhanced situational awareness, monitoring both direct threats and peer-targeting patterns as leading indicators of risk.
With states increasingly relying on both direct and proxy cyber actors to pursue national objectives, maintaining visibility into this fast-shifting threat landscape is now a core component of organizational risk management and resilience in a new era of persistent digital conflict.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
.webp?w=1200&resize=1200,0&ssl=1&description=Pro-Russian hacktivist group NoName057(16) has conducted a sweeping distributed denial-of-service (DDoS) campaign.){kind=link}