As cybercrime amidst the Russia-Ukraine war continues to escalate, the DDoSia project, launched by a known hacktivist group, has exploded in its number of members and quality of tools used for attacks.

Dark Reading Staff, Dark Reading

June 30, 2023

1 Min Read
a hooded individual in a black hoodie with code in the colors of the Russian flag as the background.
Source: BeeBright via Shutterstock

After being launched by Russian hacktivist group "NoName057(16)" in the summer of 2022 and quickly gaining a substantial number of members and active users, the crowdsourced DDoS project known as "DDoSia" has grown exponentially, by 2,400%.

The platform now has 10,000 active members compared with the 400 it had when it first launched. It also has 45,000 subscribers on its primary Telegram channel, compared with just 13,000 last summer. With this growth comes more individuals helping conduct attacks on Western organizations, and better tools to deploy these attacks, such as introducing binaries for all major OS platforms.

Through data collected by Sekoia, analysts found that the targets of these DDoS attacks between May 8 and June 26 of this year were, for the most part, Lithuanian, Ukrainian, and Polish (39%). This is presumably due to the fact that these countries have made public declarations against Russia during the Russia-Ukraine war. During this time frame, the hacktivist group targeted 486 websites, including Ukrainian education and government sites, and French banking websites.

"NoName057(16) is making efforts to make their malware compatible with multiple operating systems, almost certainly reflecting their intent to make their malware available to a large number of users, resulting in the targeting of a broader set of victims," Sekoia analysts stated in a blog post. "[We] assess that strengthening the security of their software is part of NoName057(16)'s efforts to continuously develop their capabilities, almost certainly driven by their active community as well as the increasing scrutiny of their activities from the CTI community."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights