The group of cybercriminals “NoName057” has launched a campaign of cyberattacks against several public institutions and Spanish newspapers that began on 23J and runs until this Tuesday. The group claimed responsibility on Sunday afternoon for having knocked down the website of the Ministry of the Interior, while this Tuesday El Mundo, ABC, El Español or Expansión have denounced having suffered these attacks. The Ministry denies that its portal has suffered the effects of the cyberattack at any time and attributes the possible problems perceived by citizens to percentage overloads due to the traffic generated by monitoring the vote count.
NoName057 is specialized in carrying out denial of service attacks, which collapse access to destination web pages and prevent access to them. Cybersecurity specialists point out that NoName057 began its activity shortly after the Russian invasion of Ukraine with actions aligned with the geostrategic objectives of the Kremlin and Vladimir Putin. “The group carries out politically motivated attacks against websites of governments, public service companies, telecommunications and transport”, details the firm Avast.
“The group reacts to the evolution of the political situation and attacks Ukrainian companies and institutions and those of neighboring countries, such as Estonia, Lithuania, Norway and Poland,” the same sources explain. On his Telegram channel, NoName057 has claimed responsibility for the campaign of cyberattacks against targets in Spain and has linked them to the shipment of military material to Ukraine.
“Yesterday, by order of the Spanish authorities, 4 Leopard 2A4 tanks were sent to the Ucronazi as part of a new “aid” package, 10 M-113 TOA armored vehicles, 10 trucks and a multi-purpose armored vehicle were also sent there,” the group wrote early on Tuesday, claiming to have taken down the Royal Household website in retaliation. “In such scenarios, we will continue to crush Spain!” They have threatened.
In addition to the Interior portal or the aforementioned media, the group has claimed responsibility for attacks against public transport companies in several Spanish cities, against the National Institute of Statistics, the Spanish Cooperative Bank, the Constitutional Court, La Moncloa, Correos or the Central Electoral Board. Except in the case of Interior, the affectation in most of them has been minimal. Most have not crashed, while others have suffered problems with some of their subdomains.
In the case of newspapers, for example, NoName057 has disabled the service they use to allow their registered readers to identify themselves. “The attack on the ABC newspaper has meant that there have been failures to identify users with their passwords, for which reason the registration notices have had to be temporarily deactivated,” reported this outlet, which managed to restore the service early in the afternoon.
On its Telegram channel, the pro-Putin group has even scoffed at the news that the security forces have begun to investigate these incidents. “Friends, another criminal case has been opened against us (we no longer remember how many there are). This time in Spain”, they reported: “We do not fear criminal prosecutions by law enforcement officers who have sold their conscience. They should initiate criminal cases against Zelensky’s backers in relation to the Spanish authorities, and not against us.” “Glory to Russia!” they added.
Before starting its campaign of cyberattacks in Spain, NoName057 had attacked Polish and Norwegian institutions. As described by Avast, its objectives usually move based on international news. One of the biggest examples came after Finland announced its intention to join NATO, prompting the group to launch crackdowns on the country’s parliament, its Council of State and Finnish police.
Recruiting pro-Putin volunteers
The network expert Marcelino Madrigal has explained on Twitter some more details about the modus operandi of NoName057. Among others, how they recruit volunteers who collaborate in the development of their cyberattacks by turning their devices into zombies that the group uses to crash the websites of its victims.
A scam because the pc can be used for whatever they want, without permission, but hey
The software contacts a server (we call it C&C, Command and Control) from which the addresses of the targets to attack are downloaded, and how to do it.– mmadrigal (@SoyMmadrigal) July 25, 2023
The volunteers receive “a small amount of cryptocurrency”, reveals this specialist, although their main motivation for enrolling their devices in the NoName057 swarm of bots is considered to be ideological. “Spain is not one of the most attacked countries. Now it is relevant because these dates coincide with the elections”, continues Madrigal: “The countries most attacked by this group have been Lithuania, Poland, Italy and, of course, Ukraine”.
