Killnet, NoName057(16) and Anonymous Sudan are on the rampage – politically motivated attacks on critical sectors in Europe are increasing

  • Lisa Fröhlich
  • April 13, 2023


    Before Easter, there was a series of DDoS attacks on websites operated by state authorities and the police. The attackers’ targets included, for example, the state portals of Saxony-Anhalt and Schleswig-Holstein and the websites of the police in Brandenburg and Lower Saxony. There were also similar reports from Mecklenburg-Western Pomerania and the German Federal Ministry for Economic Cooperation and Development.   

    The attacks disrupted the normal operations of several state agencies and police departments and raised concerns about the cybersecurity and resilience of government websites. Social media channels have seen messages claiming responsibility from a group called “NoName057(16),” which included the phrase “Victory will be ours” alongside a Russian flag.

    French and Italian government IT systems affected  

    In addition to the series of attacks in Germany, cyberattacks also occurred in neighbouring European countries. The website of the French National Assembly was affected by a distributed denial of service (DDoS) attack for several hours. The attack was in response to France’s support for Ukraine. The attackers also targeted the French Senate and the Children’s Parliament, although only the latter website was down.   

    The Italian government and parliament IT systems, the Ministry of Transport and the Ministry of Foreign Affairs, the transport regulator, the public transport company ATAC in Rome and Bologna Airport were also targeted by a DDoS attack by the Russian hacker group. On Telegram, the group referred to Ukrainian soldiers undergoing missile defense training near Rome. 

    Attack on banks in Denmark  

    NoName057(16) has launched DDoS attacks against Western organizations in the past and is considered one of the most active Russian threat actors. Several Danish banks, including Jyske Bank and Sydbank, were also crippled by a distributed denial of service attack. Arbejdernes Landsbank also said its online banking system was affected. The Russian group claimed responsibility for attacks on several financial institutions.   

    A look behind the scenes: who is behind the attacks?

    The Russia-linked hacking group NoName057(16) has been active since March 2022, targeting Ukrainian and pro-Ukrainian organizations, companies and governments. Recently, the group has focused on countries in the European Union that support Ukraine, as well as certain targets in the United States and the United Kingdom. Its main method of attack is DDoS, which it has used to cripple websites of key private sector targets such as banks and financial institutions. Currently, it seems to be outranking Killnet in terms of activity level.

    The Russian cybercrime syndicate Killnet first appeared in January 2022, offering DDoS services on illegal forums. During the Russian invasion of Ukraine, the group claimed allegiance to the Russian government and has since launched targeted attacks on websites in countries hostile to Russia. Killnet has a structured organizational hierarchy and cooperates with other pro-Russian groups such as NoName057(16). The Latvian government classifies Killnet as a terrorist organization after the group was blamed for a cyberattack on the country’s parliamentary web services.  

    Less active and well-known is a group calling itself “Anonymous Sudan.” Still, it has claimed responsibility for DDoS attacks against targets in several European countries, including France, Germany, the Netherlands and Sweden. The group describes itself as pro-Islamic, and its attacks are said to be in retaliation for perceived anti-Islamic activity in those countries. Security researchers at Trustwave suspect it may be a subgroup of the Russian hacktivist collective Killnet.

    Despite all warnings, critical sectors around the world are increasingly being targeted  

    Back in May 2022, cybersecurity agencies from the US, Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) warning organizations of increased malicious cyber activity because of the Russian invasion of Ukraine. It also noted that state-sponsored and criminal cyber threats are occurring in response to US and allied support for Ukraine.   

    New research from Keeper Security has shown that public sector digital infrastructure is a prime target for cyberattacks during times of political unrest and economic instability. The Government and Public Sector Cybersecurity Census Report shows that these attacks are becoming an increased threat to public sector organizations that play an essential role in providing critical infrastructure.   

    UK particularly affected  

    As early as 2022, the public sector in the UK suffered a tremendous number of cyberattacks. According to a survey by insurance firm Gallagher, UK councils experienced over 2.3 million attempted cyberattacks in 2022. This represents a 14% year-on-year increase in the number of cyberattacks, with phishing attacks accounting for 75% of all attempts.

    A UK government survey in the summer of 2022 found that 39% of UK businesses detected a cyberattack. Although this figure is in line with previous years, increased cybersecurity measures led to a higher identification rate. This suggests that some companies may be under-reporting attacks. The estimated average cost of all cyberattacks here was £4,200, rising to £19,400 for medium and large businesses.

    Also, according to a new threat report from IBM, the UK was the country most affected by cyberattacks across Europe last year. The UK accounted for 43% of cyberattacks reported in Europe. The energy and financial services sectors in the UK were the most affected, accounting for 32% of all attacks. 

    Risk management and security measures of crucial importance   

    With cyberattacks on the rise, critical infrastructure operators and enterprises must address digital threats and implement protective mechanisms as a priority. The consequences of such attacks can extend beyond business opportunities and affect society. To minimize the impact of attacks, organizations should structure their IT systems to prevent critical network parts from being attacked.   

    Policies and frameworks should strengthen cyber resilience  

    More protection for critical sectors is expected to come from the new EU Network and Information Security Directive, NIS2. The NIS2 Directive replaces the 2016 EU Network and Information Security Directive (NIS1) and creates a single framework for building national cybersecurity capabilities across the EU. The Directive includes minimum security requirements and reporting obligations for critical infrastructure operators and certain digital service providers. The NIST Cybersecurity Framework also outlines five core elements to achieve the necessary cyber resilience and meet NIS2 requirements.   

    Protecting critical infrastructure and IT systems is more important now than ever before  

    The risk of politically motivated cyberattacks is increasing, leaving sectors such as energy, finance and healthcare particularly vulnerable. A single cyberattack can cause millions of dollars in lost production, lead to supply shortages and even endanger human lives. As such, protecting against DDoS attacks is vital for critical infrastructure.   

    Cybercriminals and state actors can use DDoS attacks to exert political pressure, sabotage critical infrastructure, or hold it for ransom, making protection even more important.  

    Turn to the experts at Link11 to protect your IT infrastructure from the growing threat of cyber attacks. Link11 can help you implement a holistic solution to keep your business safe.  
