NoName057(16) utilized GitHub for hosting most of its malicious activities, including hosting its DDoS page.
NoName057(16) is a pro-Russia hacktivist collective known for targeting several businesses and organizations in European countries, including Poland and Lithuania. The group had its accounts disabled by GitHub for attempting to launch DDoS attacks against the Czech presidential election candidates’ websites last week.
According to analysis by SentinelOne cybersecurity researchers, the campaigns were launched through public Telegram channels. The group relied on a volunteer-supported DDoS payment program, GitHub, and a multi-OS compatible toolkit.
According to SentinelOne’s senior threat researcher, Tom Hegel, NoName057(16) utilized GitHub for hosting most of its malicious activities, including hosting its DDoS website, and the associated GitHub repositories were used for hosting the latest versions of their tools.
Additionally, researchers noted that the pro-Russia hacktivists focused on disrupting sites in countries critical of the Russian invasion of Ukraine, with the initial attacks aimed at Ukrainian news platforms. Later, they targeted NATO-linked entities, including attacks against Denmark’s central bank and several other financial institutions.
“For example, the first disruption the group claimed responsibility for were the March 2022 DDoS attacks on Ukraine news and media websites Zaxid, Fakty UA, and others. Overall the centre of the motivations around silencing what the group deems to be anti-Russian,” the SentinelOne report read.
Researchers notified the GitHub Trust & Safety team about this issue. The platform responded quickly and removed all the malicious accounts on Tuesday. The company’s spokesperson stated that the accounts were disabled per GitHub’s Acceptable Use Policies.
“We disabled the accounts in accordance with GitHub’s Acceptable Use Policies, which prohibit posting content that directly supports unlawful active attacks or uses GitHub as a means to deliver malicious executables,” the spokesperson said.