Tracking Russia’s NoName057[16] attempts to DDoS UK public services
Today I noticed NoName057[16] — basically a poor man’s “Ukraine IT army” — attempting to DDoS various UK councils and transport services:
They post about their exploits on Telegram, similar to those crazy Ukrainians. It’s basically Russia styled as hacktavists, with some great bear drawings.
I decided to have a look at monitoring them, and was able to break in pretty easily.
They attacked these 14 targets:
pa.eastcambs.gov.uk
politics.leics.gov.uk
www.cranbrooktowncouncil.gov.uk
cert.be
my.swiftcard.org.uk
www.senaat.be"
The attacks looked like this:
As an example of service impact, we go to West Yorkshire bus services:
I tooted about this at 11:23am GMT, you may notice the other unannounced Belgium sites:
Then 90 minutes later they posted about the Belgium targets:
If it’s of any interest I may start publishing this data publicly on an ongoing basis, like a cheap HaveIBeenDDoS’d. I think the visibility of the techniques they are using may help orgs better defend.
~g