CyberSecurityBoard
Sponsor Register Login

NoName057(16)'s Hackers Attacked 3,700 Unique Devices Over Last Thirteen Months

The campaign demonstrates clear strategic alignment with Russian geopolitical interests, functioning as an unofficial cyber warfare asset that frames attacks as direct retaliation for actions taken by Russia’s adversaries. The group, which emerged in March 2022 shortly after Russia’s full-scale invasion of Ukraine, has maintained an unprecedented operational tempo by launching attacks against an average of 50 unique hosts daily, with activity peaking at 91 targets in a single day. The DDoSia malware employs a sophisticated two-step communication process with client registration begins with an HTTP POST request to the /client/login endpoint, where the malware validates authenticity using encrypted payloads secured with AES-GCM encryption. The pro-Russian hacktivist group NoName057(16) has orchestrated a massive distributed denial-of-service campaign targeting over 3,700 unique hosts across thirteen months, according to new research published on July 22, 2025. The tool facilitates application-layer DDoS attacks by overwhelming target websites with high volumes of junk requests, operating through a volunteer-driven model that recruits participants via Telegram channels and rewards contributors with cryptocurrency. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This architecture ensures operational resilience while maintaining reliable C2 functionality even under law enforcement pressure, as demonstrated during Operation Eastwood between July 14-17, 2025, which resulted in arrests and searches across six European countries. The malware’s multi-tiered infrastructure consists of rapidly rotating Tier 1 command-and-control servers with an average lifespan of nine days, exclusively permitted to establish connections to Tier 2 servers protected by access control lists. Recorded Future analysts identified the group’s primary weapon as a custom DDoS tool named “DDoSia,” the successor to an earlier botnet called Bobik. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. The encryption key is dynamically generated using a combination of the User Hash and Client ID, creating a robust authentication mechanism.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 24 Jul 2025 13:45:13 +0000


Cyber News related to NoName057(16)'s Hackers Attacked 3,700 Unique Devices Over Last Thirteen Months

NoName057(16)'s Hackers Attacked 3,700 Unique Devices Over Last Thirteen Months - The campaign demonstrates clear strategic alignment with Russian geopolitical interests, functioning as an unofficial cyber warfare asset that frames attacks as direct retaliation for actions taken by Russia’s adversaries. The group, which ...
1 day ago Cybersecuritynews.com
Non-mobile malware statistics, Q1 2024 - More than 83,000 users experienced ransomware attacks, with 20% of all victims published on ransomware gangs' DLSs hit by LockBit. In Q1, Kaspersky solutions protected 83,270 unique users from ransomware Trojan attacks. Number of unique users ...
1 year ago Securelist.com LockBit
International operation disrupts pro-Russian hacker group NoName057(16) | The Record from Recorded Future News - In July 2023, Spanish police arrested three alleged members of the group suspected of participating in DDoS attacks targeting public institutions and strategic sectors in Spain and other NATO countries. European and U.S. law enforcement have ...
1 week ago Therecord.media
CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
3 years ago
Iran-linked hackers claim to leak troves of documents from Israeli hospital - A hacker group allegedly linked to Iran claimed to have leaked thousands of medical records from an Israeli hospital, including those of Israeli soldiers. In a cyberattack on Ziv Medical Center in the city of Safed, near the border with Syria and ...
1 year ago Therecord.media MuddyWater
HackerOne paid ethical hackers over $300 million in bug bounties - HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. Thirty hackers have earned over a million USD for their submissions, and ...
1 year ago Bleepingcomputer.com Inception Hunters
20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
3 months ago Cybersecuritynews.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com
Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks - A regulatory agency in Florida that oversees the long-term supply of drinking water confirmed that it responded to a cyberattack over the last week as the top cybersecurity agencies in the U.S. warned of foreign attacks on water utilities. The agency ...
1 year ago Therecord.media
Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
1 year ago Bloomberg.com LockBit
CEO of Ukraine's largest telecom operator describes Russian cyberattack that wiped thousands of computers - In the two months since Russia-linked hackers attacked Ukraine's largest telecom operator, many questions have emerged about how they gained access to the company's systems and lingered there, likely for months, undetected. During a cybersecurity ...
1 year ago Therecord.media
Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks - NoName057(16) is a threat actor that, since March 2022, has had significant involvement in numerous DDoS attacks targeting European and American organizations. However, there was no significant follow-up in the operation, and the leaders of the ...
2 months ago Bleepingcomputer.com
Why BYOD Is the Favored Ransomware Backdoor - These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data. Microsoft's fourth annual Digital Defense Report for 2023 reveals that 80% of all ransomware compromises come from ...
1 year ago Esecurityplanet.com
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group - An international law enforcement operation dubbed "Operation Eastwood" has targeted the infrastructure and members of the pro-Russian hacktivist group NoName057(16), responsible for distributed denial-of-service (DDoS) attacks across Europe, ...
1 week ago Bleepingcomputer.com
Claroty Team82: 63% of Known Exploited Vulnerabilities Tracked by CISA Are on Healthcare Organization Networks - PRESS RELEASE. NEW YORK and ORLANDO, Fla., March 12, 2024/PRNewswire/ -Claroty, the cyber-physical systems protection company, released today at the annual HIMSS24 conference a new report that uncovered concerning data about the security of medical ...
1 year ago Darkreading.com
Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades | The Record from Recorded Future News - Proofpoint Chief Strategy Officer Ryan Kalember said tools like ChatGPT now enable hackers to craft culturally accurate phishing emails and the company published a lengthy report this week on CoGUI — a phishing kit used widely among Chinese ...
2 months ago Therecord.media
Ransomware's appetite for US healthcare sees known attacks double in a year - Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware. It has also created skyrocketing pharmacy bills, pushed some healthcare providers to the edge of ...
1 year ago Malwarebytes.com Rocke LockBit
IoT Security for Business: Safeguarding Connected Devices - In this discussion, we will explore the significance of IoT security for businesses and effective strategies for safeguarding connected devices. With the increasing number of connected devices in business environments, the need for effective IoT ...
1 year ago Securityzap.com
BadBox malware disrupted on 500K infected Android devices - The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. HUMAN says it also discovered 24 Android apps in the official app store, ...
4 months ago Bleepingcomputer.com
HellCat hackers go on a worldwide Jira hacking spree - The Swiss company did not provide technical details about the breach but targeting the Jira ticketing system has become a common attack method for the HellCat hackers. Rey, a member of the HellCat hacking group, told BleepingComputer that they stole ...
4 months ago Bleepingcomputer.com
Ransomware gang takes credit for Christmas attack on global Lutheran organization - Details about a Christmas-season ransomware attack on a global Christian organization became clearer this week as a cybercrime gang took credit for what appears to be a related theft of data. The World Council of Churches, an inter-church ...
1 year ago Therecord.media Rhysida
IoT Security in the Age of Cyber Threats - These vast neural networks enable IoT devices to seamlessly connect the mundane and the sophisticated into the digital fabric of the internet. This range of devices includes everything right from kitchen appliances and industrial machinery to smart ...
1 year ago Feeds.dzone.com
Qantas says 5.7 million affected by breach, leaked info not enough to access frequent flyer accounts | The Record from Recorded Future News - In an updated advisory on Wednesday afternoon, the company said the data of 5.7 million people was exposed last week when hackers breached a Qantas contact center. Qantas Group CEO Vanessa Hudson said the company is in contact with Australia’s ...
2 weeks ago Therecord.media Scattered Spider
Malek Team: Iran-linked Hackers Claim to Leak Medical Records From Israeli Hospital - An alleged Iran-based hacker group has claimed responsibility for stealing thousands of medical records from an Israeli hospital and leaking them on online forums. The stolen data also includes medical information of Israeli soldiers. The hospital - ...
1 year ago Cysecurity.news
The Unlikely Romance of Hackers and Government Suitors - The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation. Hack the Capitol ...
1 year ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)