Cyber Threat Actor: NoName057

NoName057, also known as SenzaNome057(16), is a pro-Russian threat actor conducting disruptive cyber operations primarily against European entities. The group focuses on distributed denial-of-service (DDoS) attacks to overwhelm target infrastructure, leveraging publicly accessible platforms like Telegram for coordination and GitHub for tool dissemination. Its operations consistently align with Russian geopolitical interests, retaliating against nations supporting Ukraine or opposing Russian policies. NoName057 employs a custom DDoS tool called DDOSIA, which enables decentralized botnet-driven attacks designed to maximize service disruption. The group’s activities are geographically concentrated in Western Europe, with confirmed operations in France, Belgium, Italy, Spain, and Romania.

NoName057 targets government services, critical infrastructure, and financial systems, with strategic emphasis on disrupting public confidence and operational continuity. Notable campaigns include the December 2025 DDoS attack on France’s national postal service and banking platforms during peak holiday travel, which incapacitated package tracking and digital payments. The group similarly disrupted Belgian municipal and port authority websites in October 2024, citing retaliation for military aid to Ukraine, and attacked Romanian government portals during presidential elections in May 2025. Spanish authorities linked NoName057 to a March 2025 cyberattack on Toledo’s municipal systems following Prime Minister Pedro Sánchez’s pro-Ukraine statements. While French and Belgian intelligence agencies investigate potential Russian state affiliations, no direct operational nexus has been publicly confirmed. The actor’s TTPs remain consistent—high-volume traffic floods without data exfiltration or malware deployment—reinforcing its focus on temporary disruption over persistent compromise.