After being launched by Russian hacktivist group "NoName057(16)" in the summer of 2022 and quickly gaining a substantial number of members and active users, the crowdsourced DDoS project known as "DDoSia" has grown exponentially, by 2,400%.
The platform now has 10,000 active members compared with the 400 it had when it first launched. It also has 45,000 subscribers on its primary Telegram channel, compared with just 13,000 last summer. With this growth comes more individuals helping conduct attacks on Western organizations, and better tools to deploy these attacks, such as introducing binaries for all major OS platforms.
Through data collected by Sekoia, analysts found that the targets of these DDoS attacks between May 8 and June 26 of this year were, for the most part, Lithuanian, Ukrainian, and Polish (39%). This is presumably due to the fact that these countries have made public declarations against Russia during the Russia-Ukraine war. During this time frame, the hacktivist group targeted 486 websites, including Ukrainian education and government sites, and French banking websites.
"NoName057(16) is making efforts to make their malware compatible with multiple operating systems, almost certainly reflecting their intent to make their malware available to a large number of users, resulting in the targeting of a broader set of victims," Sekoia analysts stated in a blog post. "[We] assess that strengthening the security of their software is part of NoName057(16)'s efforts to continuously develop their capabilities, almost certainly driven by their active community as well as the increasing scrutiny of their activities from the CTI community."