The Russia-aligned cyber threat actor known as NoName057 (16) has reportedly announced that it is launching large-scale distributed denial of service (DDoS) attacks targeting internet infrastructure throughout Europe.
The group is notorious for orchestrating Project DDoSia, a campaign that conducts massive DDoS attacks against entities supportive of Ukraine, mainly targeting NATO countries.
Why are hacker groups targeting European elections with DDoS attacks?
During the current European election season, the hackers declared their intention to disrupt these events with DDoS attacks. The election period began on June 6, in the Netherlands, while Estonia started its voting process on June 3. Both Czechia and Ireland are casting their votes on Friday (June 7), with other EU member states scheduled to vote over the upcoming weekend.
According to cyber security news website DailyDarkWeb, the group criticized the European Parliament as a “pseudo-democratic and thoroughly Russophobic body.” NoName057(16) accused the European Parliament of implementing “meaningless anti-Russian sanctions” following Russia’s actions in Crimea in 2014 and Donbas in 2022. In response to what they perceive as “Russophobia” and the double standards of European authorities, the group announced that Europe’s internet infrastructure would be targeted by Russian hackers.
It said on the social media site Telegram: “When Russia began protecting the peaceful population of Crimea in 2014 and the residents of Donbas in 2022, the EP [European Parliament], like a rabid printer, started issuing meaningless anti-Russian sanctions in bulk.
“For the Russophobia and double standards of European authorities, Europe’s internet infrastructure will suffer from Russian hackers.”
NoName057(16) claims that it has recruited several other malicious hacking groups to its cause, such as 22C, IAMKILLMILK, CoupTeam, Cyberdragon, People’s CyberArmy, Root@kali, and Usersec. This is in addition to other participants who wish to remain anonymous.
Dutch party websites attacked
In a blog post, Cloudflare’s João Tomé said that the firm had already observed “significant” DDoS attacks targeting multiple election or politically-related Internet properties in the Netherlands. He added: “On June 5 and 6, 2024, Cloudflare systems automatically detected and mitigated DDoS attacks that targeted at least three politically-related Dutch websites.” On June 5, Cloudflare said it had mitigated one billion HTTP requests from daily DDoS attacks in the Netherlands.
The primary DDoS attack on June 5 targeted a specific website, peaking at 14:13 UTC (16:13 local time) with a rate of 73,000 requests per second. This attack persisted for several hours.
The security firm attributes these attacks to the pro-Russian hacker group HackNeT, which has claimed responsibility. Writing on Telegram, a group purporting to be HackNeT, said: “The Netherlands is the first country to vote for a new European Parliament.
“So they’ll be the first to suffer from DDoS attacks.”
The center-right Christian Democratic Appeal (CDA), Geert Wilders’ far-right Party for Freedom (PVV), and the populist, far-right Forum for Democracy (FvD) all encountered issues with their websites.
Vanochtend was de CDA-website door een zware DDOS-aanval tijdelijk minder bereikbaar.
Op verkiezingsdag beschouwen we dit als een aanval op vrije, democratische verkiezingen. We maken melding bij de relevante instanties. Onze website is inmiddels weer bereikbaar. #VerkiezingenEU
— CDA (@cdavandaag) June 6, 2024
The CDA announced on X that its website was subjected to a “heavy” distributed denial-of-service (DDoS) attack. “On election day, we consider this to be an attack on free, democratic elections,” it said.
Other European nations in firing line
Meanwhile, another security analyst under the username CyberKnow stated that the group Cyber Army Russia Reborn also launched DDoS attacks targeting Ireland.
Cyber Army Russia Reborn as part of the DDoS attacks against the European elections has targeted Ireland. In what be one of the first pro-Russian hacktivist attacks on Ireland since 2022#cybersecurity #infosec #Europe pic.twitter.com/ah5b6VivfP
— CyberKnow (@Cyberknow20) June 7, 2024
#Spain 🇪🇸 – NoName057(16) allegedly carried out a #DDoS attack on Santa Bárbara Sistemas, a Spanish defense contractor based in Madrid.#DarkWeb #cyberattack pic.twitter.com/KuZfPYFcQR
— Dark Web Intelligence (@DailyDarkWeb) June 6, 2024
DailyDarkWeb also reported that NoName057(16) allegedly carried out a DDoS attack on Santa Bárbara Sistemas, a Spanish defense contractor based in Madrid.
Featured image: Ideogram
