The pro-Russian hacker group NoName057(16) seems to be after the UK railway. In the latest few posts, the group has claimed to attack the UK rail ticket sales service by targeting its official website, as well as a railway company Stansted Express.
According to a tweet by FalconFeedsio, this is the second such attack on the portal. However, no official statement confirming the alleged cyber attack has been released.
The Cyber Express reached out to the UK rail ticket sales service but is yet to receive any official response from them.
Noname057(16) hackers group claims to have targeted the website of UK rail ticket sales service.
This is the second time the portal is being targeted during this week.
Note: The website is down at the moment.#CTI #threatintel https://t.co/MBy3BB9pXT pic.twitter.com/Q5Kt97qMU7
— FalconFeedsio (@FalconFeedsio) April 1, 2023
NoName057(16) is a Russian-speaking threat actor that has made waves since its inception in March 2022.
Driven by ideological and political motivations, the group has clarified that it stands against western ideals and supports the Russian Federation in the ongoing conflict with Ukraine.
This well-organized cyber collective work with a singular goal: to conduct massive Distributed-Denial of Service (DDoS) attacks against European governmental entities and critical infrastructures.
NoName057(16) and the rise of Pro Russian hackers
NoName targeted the following organizations
1. Stansted Express – Private Railway Company
2. Rheinmetall- German’s military manufacturer
3.Poland’s ministry of knowledge education development
4.Italy’s postal communication police#cti#threatintel pic.twitter.com/M7QiNQCMl6
— FalconFeedsio (@FalconFeedsio) April 1, 2023
Since May 2022, NoName057(16) has been on a rampage, targeting Ukraine and European countries that support the Ukrainian government.
These countries include Estonia, Latvia, Lithuania, Poland, Slovakia, Norway, and Finland. However, NoName057(16) is not only interested in the European region.
Several Pro-Russian hackers have been active in the region since the war between Russia and Ukraine took place on 24 February 2022, with Russia’s invasion and occupation of parts of Ukraine being a significant escalation.
The conflict has led to the loss of tens of thousands of lives on both sides and has caused Europe’s most significant refugee crisis.
The NoName057(16) cybercriminals have conducted massive Distributed-Denial of Service (DDoS) attacks against European governmental entities and critical infrastructures.
However, they are taking things to the next level with web-defacement attacks against the Polish Railway Transport Office, calling for protests against the Polish authorities for supporting Ukraine in the conflict with Russia.
To make matters worse, NoName057(16) has joined forces with other pro-Russia cyber collectives, including Killnet and XakNet.
Moreover, NoName057(16) has also publicized their campaigns in a Russian-speaking underground channel and a mirrored channel with English translations.
They have also created a third group to discuss technical aspects of their DDoS campaigns and a fourth group to provide instructions on using their custom tool, “DDosia,” to conduct DDoS attacks.
NoName057(16) and new forms of mass cyberattacks
In September 2022, NoName057(16) implemented a financial reward mechanism for members who successfully conduct DDoS attacks and rank among the top ten lists. They are turning cybercrime into a twisted game with high scores and prizes — these cyber villains are playing for keeps.
With the emergence of NoName057(16) and its malicious cyber activities, it’s becoming increasingly evident that the threat of cybercrime is on the rise. The consequences of cybercrime can be downright devastating, wreaking havoc and causing unprecedented damage to critical infrastructures.
In a more interconnected world than ever, the ripple effects of such attacks can be felt far and wide. A report by cybersecurity company Check Point reveals that hacktivism is on the rise, with hackers using their skills to push political and agendas.
Although the new hacktivism started in specific and limited geographical areas, the Russian-mobilized groups soon turned their focus from being solely on Ukraine, but on anyone opposing the Russian agenda, i.e. Europe, the United States and even Asia.
This included significant attacks on governments and major corporations in the US, Lithuania, Italy, Estonia, Norway, Finland, Poland, Japan, and more.
“These groups have also clearly stated agendas supporting Russian information warfare and interests, as we can see in the manifest of Noname057(16),” said the report.