NoName ransomware group has allegedly targeted multiple Ukrainian government websites. The latest victims of the alleged NoName ransomware attack on Ukraine include Accordbank, Zaporizhzhya Titanium-Magnesium Plant, State Tax Service, Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service in Kyiv.
The Cyber Express tried to verify the claims made by the threat actor and found the website of Zaporizhzhya Titanium-Magnesium Plant operational at the moment. The latter websites listed by the NoName ransomware group faced disruptions and connectivity issues displaying “403 forbidden” and other error messages.
The NoName ransomware group has posted a list of their latest DDoS attack victims on their dark web leak portal. Screenshots of the dark web post were shared on Twitter. The message on the screenshot taken from the dark web reads, “We continue to nightmare Ukrainian sites (evil emoji).
The websites for Ukraine’s State Tax Service, Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service, displayed bad gateway and error messages on each of the websites.
The websites of the Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service are linked to the main website of Ukraine’s State Tax Service.
Hence, it seems that the NoName ransomware attack on Ukraine’s State Tax Service has also impacted the other linked websites.
The website of Ukraine’s Accordbank displayed a “403 Forbidden” error message. Here is a screenshot of the same.
The website of the Ukrainian State Tax Service displayed a message, “This site can’t be reached. tax.gov.ua took too long to respond”. A screenshot of the same is attached below.
The websites of the Central Interregional Tax Administration, and the Main Directorate of the State Tax Service in Kyiv also displayed the same error message as the Ukrainian State Tax Service website.
Since the war between Russia and Ukraine broke out, several hacktivist groups from both sides have been found targeting each other. These hacker groups are either backed by government agencies or commit cybercrimes as an act of patriotism towards their nation.
Prior to the NoName ransomware attack on Ukraine, the hacker collective has also launched cyberattacks on multiple Finnish government websites. The group wrote on the dark web, “Finland continues to receive our New Year’s gifts (evil smile emoji)”.
From what we could understand, it was an attempt to disrupt the critical infrastructure of Finland and cause havoc for the Finnish citizens. All the victims of NoName DDoS attacks on Finland were government organizations related to transport facilities.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
This week’s The Cyber Express roundup covers ransomware, AI risks, geopolitical threats, and key developments in global cybersecurity news.
DeepSeek changed the calculation. When the House Select Committee on China concluded in early 2025 that the Chinese AI company…
The Apple age verification measures align with broader enforcement efforts under the UK’s online safety framework.
EU and ENISA act to protect the bedrock cyber vulnerability CVE Program after funding concerns raise risks of fragmentation and…
Energy sector ransomware surged in 2025 as ransomware groups exploited vulnerabilities and used FrostyGoop malware to disrupt infrastructure.
Reporting mechanisms for illegal content are also part of the Digital Services Act child protection investigation.
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More