Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe
Pro-Russian hacktivist gang Noname has claimed over 6600 attacks since March 2022, almost exclusively targeting European nations, new research from Orange Cyberdefense has shown.
The cybersecurity vendor’s Security Navigator 2025 report found that 96% of Noname’s attacks targets included Ukraine, Czech Republic, Spain, Poland and Italy and have been ongoing since Russia began its invasion of Ukraine in early 2022.
The hacktivist group has not targeted the US once during this period, the researchers found.
Speaking to press ahead of the report’s launch, Charl van der Walt, Global Head of Security Research at Orange Cyberdefense, said a possible explanation for this is the group is wary of coming to the attention of US authorities, having observed the high-profile takedowns of major cybercriminal gangs like LockBit in the past year.
“We think they don’t want to poke that bear,” commented van der Walt.
Noname Highly Reactive to Events
The researchers observed that Noname tends to target “symbolic” European entities with DDoS attacks, with the primary goal of using technical disruptions to manipulate public opinion and destabilize societal confidence in countries considered to go against Russian interests.
These are designed to draw attention to political and economic issues, pushing the narrative that Western ideas and institutions are not working and crumbling on platforms like Telegram and X (formerly Twitter).
Van der Walt said that the group is reactive to geopolitical events, with its “operational cadence defined by what’s happening in the real world.”
For example, it launched a spate of attacks against targets in Spain after Spanish police arrested three individuals suspected of being members of Noname in July 2024.
Many of these events are not directly related to Russia. This was shown when Noname launched DDoS attacks against websites of Belgian institutions in October 2024 in support of protests by farmers in Belgium.
Additionally, Noname was behind DDoS attacks on numerous UK councils in late October 2024, which it claimed was retribution for British military support for Ukraine.
Van der Walt said there is no evidence of a direct strategic relationship between the Russian government and Noname, although there is clear ideological alignment between them.
Continued Hybridization of Hacktivism
The report highlighted how hacktivism has changed significantly, with its current ‘establishment era’ becoming particularly prominent since Russia’s invasion of Ukraine.
Orange Cyberdefense defined the previous hacktivist carnations as:
- Digital utopia (1985-2005). Made up of hackers who envisioned a better internet and who wanted to draw attention to security and other issues in this environment
- Anti-establishment (2006-2013). Hacktivists in this era primarily targeted governments and big businesses whose actions they did not agree with. The Anonymous collective was particularly prominent during this period
- Establishment (2014 – present). More hacktivist activity from Russia-aligned groups in recent years. Many hacktivist groups have moved away from being anti-government to openly aligning with the objectives of certain nation states
Read now: From Protests to Profit: Why Hacktivists Are Joining the Ransomware Ranks
As well as aligning with nation-states, another trait of modern hacktivism is overlap and cooperation with financially motivated cybercriminals. Van der Walt said this trend is testing the security community’s desire to give labels to threat actors.
A notable trait of hacktivist groups is that they operate in the public domain, openly boasting and discussing their activities.
They also often use volunteers to help boost attacks. For example, Noname employs “DDoSia” tactics, in which it declares its target websites and asks for volunteers to join in to increase the attack volume.
Volunteers are often incentivized with cryptocurrency payments for these activities, van der Walt added.
Hacktivists Extend Reach to OT Systems
Another trend relating to hacktivist activity is the targeting of operation technology (OT) systems used by critical industries such as manufacturing, energy, healthcare and transportation with the aim of causing disruption.
Orange Cyberdefense attributed 23% of ‘Category 2’ attacks targeting OT in the past year to hacktivists. Category 2 incidents are defined by the UK’s National Cyber Security Centre (NCSC) as cyber-attacks that have a serious impact on central government, essential services, a large proportion of the population or the economy.
Nation-state actors tend to avoid destructive attacks on these environments for fear of escalating tensions between nation-states, van der Walt noted. However, hacktivist groups have no such constraints.
