Russian Hackers Target Government and Political Organizations in Major Cyber Attack

Two pro-Russian threat actors launched a coordinated DDoS attack on Japanese organizations in response to Japan’s support for US-led military alliances. The attacks primarily targeted logistics, manufacturing, government, and political entities, disrupting their operations.

The ongoing DDoS attack leverages various sources, including nuisance networks, cloud providers, and VPNs. The hackers are actively adding new targets to their DDoSia botnet, indicating the attack’s persistence.

In response to Russia’s concerns about Japan’s growing militarization, pro-Russian cyber groups conducted significant Distributed Denial of Service (DDoS) attacks on Japanese targets, likely aiming to disrupt critical infrastructure and government services.

NoName057(16) public attack announcement on Telegram.

NoName057(16) recently attempted to disrupt Belgian government and logistics sites, likely in coordination with another threat actor. That campaign involved more than 30 configuration updates specifically targeting Belgian infrastructure.

The cyberattacks primarily targeted the Logistics & Manufacturing sector, particularly harbors and shipbuilding, aligning with the attacker’s usual tactics. Government, political, and social organizations, including the newly elected prime minister’s party, were also targeted to gain maximum publicity.

Target types of recent DDoS attacks on Japan.

A 16-year-old attacker has launched a sophisticated DDoS attack against Japanese targets using the DDoSia botnet, employing various attack vectors and configurations to maximize the impact and hitting multiple domains in multiple attack waves.

The Russian-aligned group conducted a three-day attack campaign against identified targets using TCP SYN-floods and HTTP-based attacks. 

All targets were subjected to at least one type of TCP packet-flooding, with over two-thirds experiencing HTTP attacks. The group’s activity coincided with typical working hours in Russia, with all new C2 server updates occurring between 07:00 and 13:00 UTC.

Most common vectors for NoName057(16) attacks on Japan.

Researchers have observed a daily average of 2,000 DDoS attacks targeting Japanese networks. These attacks, though impactful, have not substantially altered the region’s overall threat landscape.

The attacks exhibit patterns typical of other regions, including the use of direct-path attack vectors and common sources, often involving nuisance networks and legitimate cloud providers and VPNs.

NetScout found that Russia-backed NoName057(16) and Russian Cyber Army Team coordinated cyberattacks targeting Japanese logistics, manufacturing, and government entities. 

Although these attacks didn’t significantly change the global threat landscape, persistent DDoS attacks emphasize the need for strong detection and mitigation measures to ensure digital availability.

Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.
