January to July 2024 Cyber Activities
NoName057(16), a pro-Russian hacktivist group, has been on a relentless campaign of Distributed Denial of Service (DDoS) attacks targeting Western institutions since March 2022. Leveraging the DDosia attack toolkit, the group has effectively recruited volunteers through Telegram, forming alliances with various hacker groups, including pro-Russian and anti-Israel/pro-Palestine factions. This blog delves into NoName057(16)’s activities from January to July 2024, shedding light on their evolution, strategies, and the widespread impact of their operations.
NoName057(16) emerged in early 2022, coinciding with Russia's invasion of Ukraine. The group initially focused on nations opposing Russia's actions, quickly gaining momentum. The launch of the DDosia project on Telegram marked a significant turning point, enabling the group to recruit a volunteer army of pro-Russian hackers incentivized by a performance-based reward system.
As NoName057(16) continued its operations, the group refined its tactics, demonstrating advanced organizational capabilities. A key milestone was reached on February 7, 2024, when the group introduced a program allowing volunteers to form teams, thereby enhancing coordination and effectiveness. A week later, on February 14, 2024, a referral program was implemented to promote DDosia, further incentivizing recruitment through rewards for successful attacks. These strategic moves highlight the group's methodical approach to expanding its operational capacity.
From January to July 2024, NoName057(16) was responsible for 1,936 incidents, consistently targeting various sectors and countries across North America, Europe, and Asia. The group targeted between 1 and 27 organizations per day, often focusing on repeat attacks. May saw the highest number of incidents, with Moldova as the primary target. The government and public sector were the most frequently attacked during this period.
January and May recorded the highest number of attacks, with over 300 incidents each, followed by July, April, February, and March. The lowest number of incidents was recorded in June.
NoName057(16) has targeted three continents: North America, Europe, and Asia.
The Government & Public Sector, Transportation & Logistics, and Financials were the most affected sectors, reflecting the group’s strategic targeting of critical infrastructure.
NoName057(16) has forged alliances with several pro-Russian and anti-Israel/pro-Palestine hacker groups, significantly enhancing their operational capabilities. Key allies include:
The group has increasingly participated in joint attacks with allies, targeting countries such as Ukraine, Finland, Italy, Japan, Sweden, Moldova, Luxembourg, Slovenia, Spain, Slovakia, Canada, the UK, and more.
NoName057(16) has targeted a wide range of nations across North America, Europe, and Asia. The Government & Public Sector, Financials, and Transportation & Logistics sectors have been frequently attacked, indicating a focus on critical infrastructure. The group's organizational structure and alliances significantly enhance its ability to coordinate large-scale attacks, posing serious cybersecurity threats.
The group's systematic approach to building an army of volunteers and forming alliances signals a growing threat. Their activities suggest a need for coordinated international responses and enhanced cybersecurity measures.
Regularly monitor network traffic and employ advanced threat detection systems to identify and mitigate potential DDoS attacks early. Leveraging threat intelligence is crucial to staying updated on NoName057(16)'s evolving tactics and techniques.
Enhance collaboration between national and international cybersecurity agencies to share information about emerging threats and attack patterns. Participation in cybersecurity forums and alliances is essential for strengthening collective defenses against NoName057(16) and similar groups.
Implement robust cybersecurity measures, including firewalls, intrusion detection systems, and DDoS protection services. Critical infrastructure and sensitive data should be protected with multi-layered security protocols.
NoName057(16) has demonstrated considerable organizational capabilities and has formed strategic alliances, enabling them to conduct frequent and impactful DDoS attacks. The analysis from January to July 2024 highlights their focus on Western institutions, with a significant number of attacks targeting government and public sectors across multiple continents. The group’s activities have shown a sophisticated approach to recruitment and collaboration, further enhancing their operational reach and effectiveness.
Given their current trajectory, NoName057(16) is poised to continue expanding their operations and forming new alliances, thereby posing ongoing cybersecurity threats. Their methodical approach and established network of allies make them a persistent and evolving threat. Effective monitoring and proactive countermeasures will be essential in mitigating the risks posed by this group.