Months after the Eesti Energia cyberattack, hacker group NoName has listed it and several Estonian organizations as victims. Among the named targets were the official government website of Estonian capital Tallinn and the national railway infrastructure company Eesti Raudtee.
The Eesti Energia cyberattack by the pro-Russian hacktivist groups was in the cybersecurity news in November 2022, after a large-scale DDoS attack.
The Eesti Energia cyberattack
Threat intelligence service FalconFeedsio posted about the cyberattacks with screenshots of the inaccessible websites from the hacker group’s leak site.
Pro-Kremlin hackers were reportedly behind the Eesti Energia cyberattack in November 2022, when a large-scale denial of service attack took down the websites and online channels of state electricity generator and some of its related companies.
Apart from the Eesti Energia’s site and mobile app and the website, the MARU mobile app of grid maintenance firm Elektrilevi, along with several other key state sites, fell during the Eesti Energia cyberattack in November.
Although less successful, attacks occurred on one government ministry and the central bank then. The incidents coincided with similar and simultaneous attacks on key sites in Latvia, Poland, and Ukraine at that time.
Tõnu Tammer, head of CERT-EE, suggested that the attacks were likely carried out by pro-Kremlin hackers, reported ERR News.
The websites linked below were accessible at the time of publishing this article. The other companies allegedly targeted by NoName were:
- Eesti Raudtee or EVR, a national railway infrastructure company.
- An Estonian e-residency marketplace
- The website of the official public transport in Tallinn
- Inges Kindlustus, an insurance company
- Wallester, is a financial institution that offers payment services including virtual cards.
- Tpilet that offers travel-related services
- The official website of Tallinn
Possible Eesti Energia cyberattack and NoName’s legacy
If executed, the Eesti Energia cyberattack would be the latest CNI attack by the NoName hacker group.
The cybercriminal group, always vocal about its pro-Russia stance, has been targeting multiple pro-Ukraine nations as a display of solidarity with Russia. Since June 2022, NoName has been targeting entities that belong to Ukraine.
The group has specifically targeted European organizations recently including the German government and ministries because of the country’s recent sanctions against Russia.
Among the alleged targeted government organizations were Germany’s Federal Intelligence Service, the Federal Supreme Court, the Ministry of Foreign Affairs, and the Federal Ministry of Transport and Digital Infrastructure.
Vlantana and UAB RUSKO, two European logistics and transportation companies, were targeted by NoName in March. The attack caused their websites to become inaccessible, hindering their operations.
NoName also claimed responsibility for attacking the Italian military in December. In a Telegram group post, they wrote, “Decided to punish Italy’s military e-learning system – made a real website fall.
Additionally, after Japan imposed sanctions on 48 Russian individuals and 73 organizations, NoName claimed to have attacked Japanese organizations to show support for Russia.
Among the targeted organizations were the Petroleum Association of Japan and East Japan Railway Company.
Campaign DDosia by NoName
NoName057(16) recently called for volunteers to participate in their activities, which included DDoS attacks on targets critical of the Russian invasion of Ukraine.
In return for their attacks in the campaign named DDosia, the volunteers were paid up to 80,000 Rubles, or about $1,200, in cryptocurrency if they made an impact.
According to researchers at Avast, calls for people to engage as hacktivists and download DDoS tools to take down Russian websites in support of Ukraine have been present on social media since the beginning of the Ukraine war.
Avast discovered that users in countries such as Canada and Germany attempted to download the DDosia executable file to carry out DDoS attacks and push the malware to the exception list in anti-malware software running on their computers.
As a result, the users were rewarded by the hacktivist group, who found that their success rate significantly improved.
