Pro-Russian Hacktivist Group Targets Czech Presidential Election
The pro-Russia hacktivist group known as NoName057(16) has recently started new attacks against organizations and businesses across Poland, Lithuania and other countries. Most recently, the group began targeting the websites of the Czech presidential election candidates.
According to SentinelOne, which discovered the new campaigns, the group ran them using public Telegram channels, a volunteer-driven distributed denial of service (DDoS) payment program, a multi-OS supported toolkit and GitHub.
“The group has also made use of GitHub to host a variety of illicit activity,” wrote Tom Hegel, a senior threat researcher at SentinelOne.
“This includes using GitHub Pages for freely hosting their DDoS tool website […] and the associated GitHub repositories for hosting the latest version of their tools as advertised in the Telegram channel.”
In this regard, SentinelOne said it reported the abuse to the GitHub Trust & Safety team, who took action and removed the malicious accounts.
As for the motivations behind the NoName057(16) group, the security researchers determined the hackers are primarily focused on disrupting websites of nations critical of Russia’s invasion of Ukraine.
“Initial attacks focused on Ukrainian news websites, while later shifting to NATO-associated targets,” Hegel explained.
“For example, the first disruption the group claimed responsibility for were the March 2022 DDoS attacks on Ukraine news and media websites Zaxid, Fakty UA, and others. Overall the motivations center around silencing what the group deems to be anti-Russian.”
Hegel also clarified that, from a technical standpoint, NoName057(16) is not particularly sophisticated. Still, the group can have an impact on service availability, even if often short-lived.
“What this group represents is an increased interest in volunteer-fueled attacks while now adding in payments to its most impactful contributors,” added the security expert. “We expect such groups to continue to thrive in today’s highly contentious political climate.”
A list of Indicators of Compromise (IoC) regarding NoName057(16) is available in the SentinelOne advisory.
Its publication comes days after security firm Lupovis revealed that separate groups of Russian hackers are using their presence inside the networks of organizations in several countries to launch attacks against Ukraine.