Spanish Police arrested three individuals on July 20, 2024, who are suspected of participating in a series of cyberattacks targeting critical infrastructure and government institutions in Spain and other NATO countries.
The detainees are believed to be affiliated with the hacktivist group NoName057(16), known for its pro-Russian ideology and launching DDoS attacks against entities supporting Ukraine in the ongoing conflict.
The arrests come amidst heightened concerns about cyberwarfare as tensions escalate between Russia and the West. An article in Reuters quoted a statement by the Spanish Civil Guard which said that the attacks orchestrated by NoName057(16) specifically targeted public institutions and companies in strategic sectors within NATO countries that have offered aid to Ukraine.
Details of NoName Hackers’ Arrest
The operation, led by the Spanish Civil Guard, apprehended the suspects in Mallorca, Huelva, and Seville. Searches conducted at their residences yielded computer equipment and documents potentially linked to the cyberattacks. Notably, Spanish police released a video on its social media platform X of a raid at the home of one of the suspects in which a Soviet-era hammer and sickle flag was mounted on a wall, further hinting at their alleged pro-Russian affiliation.
Investigations suggest that NoName057(16) primarily employs Distributed Denial-of-Service (DDoS) attacks. DDoS attacks aim to overwhelm websites or online services with a flood of junk traffic, rendering them inaccessible to legitimate users. While the specific impact of these attacks remains under investigation, they likely caused disruptions to targeted institutions and potentially hampered their operations.
The group’s manifesto, referenced by Spanish authorities, reportedly outlines their objective of retaliating against “hostile and openly anti-Russian actions by Western Russophobes.”
Inglorious Past of NoName057(16)
NoName057(16) emerged shortly after Russia’s invasion of Ukraine and has since been linked to cyberattacks against various NATO members, including Poland.
In January 2024, NoName057(16) claimed responsibility for a wave of DDoS attacks targeting Swiss government websites on the eve of a summit aimed at facilitating peace talks between Russia and Ukraine. The targeted websites included those belonging to the federal government and organizations involved in the peace process.
Polish cybersecurity firms have also documented a surge in cyberattacks originating from suspected pro-Russian actors. A recent report by Check Point Software Technologies revealed that Polish entities face an average of nearly 1,430 cyberattacks per week.
The study further identified NoName057(16) as the most prolific pro-Russian group targeting Polish infrastructure, with past attacks directed at Polish Radio, Gdynia Port, and government websites.
The arrests in Spain mark a significant development in efforts to counter cyberattacks potentially linked to the ongoing conflict in Ukraine. The investigation into the activities of NoName057(16) is ongoing, with Spanish authorities collaborating with a specialized prosecutor’s office to uncover the full extent of the group’s operations and identify additional individuals involved.
The full extent of the damage caused by NoName057(16) remains under investigation. However, the disruption of essential services, even for a short period, can have significant consequences. Hospitals, power grids, and communication networks rely heavily on functioning IT infrastructure. DDoS attacks can disrupt healthcare services, hinder emergency response efforts, and cause economic losses.
The use of a homemade DDoS program called DDoSia by NoName057(16) raises concerns about the potential for these attacks to become more accessible to non-state actors. Cybersecurity experts urge governments and businesses to invest in robust cybersecurity measures to defend against such threats.
The Spanish authorities’ crackdown on NoName057(16) is a positive development in the fight against cyberwarfare. However, it also serves as a stark reminder of the evolving nature of cyber threats and the need for continued vigilance in the face of a constantly adapting digital landscape.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
