Menu
Browse

Cyber Threat Actor: NoName05716

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Activist
Russia
7 incidents
Profile

NoName, also tracked as NoName05716 or NoName057(16), is a pro‑Russian hacktivist group that has been linked to Russia in open‑source reporting. The actor is described in the source material as a Russian‑linked hacktivist collective that emerged around the start of the Russian invasion of Ukraine and has since aligned its activities with pro‑Russian narratives. While the group is not explicitly labeled as state‑sponsored, its self‑presented motivations and targeting patterns consistently reference retaliation against perceived anti‑Russian actions and support for Ukraine‑aligned entities.

The group’s observed targeting focuses on government, municipal, transportation, financial and critical‑infrastructure entities located in nations that are either NATO members allied with Ukraine or that have taken positions the group views as hostile to Russia. Reported victims include French municipal websites and government portals, Danish municipalities and transport sites, Swiss federal administration and aviation‑sector organizations, Canadian federal websites, the New Zealand Parliament site, Ukrainian banks, Swedish financial supervision and railway authorities, European seaports in Italy, Germany, Spain and Bulgaria, the French parliament, Swiss financial and aviation sectors, and websites associated with Czech presidential election candidates. The stated strategic objectives behind these operations include retaliation for actions such as France’s alleged “russophobe” stance, Switzerland’s hosting of Ukrainian President Zelenskyy at the World Economic Forum, Canada’s foreign‑policy positions on Russia and China, and New Zealand’s support for Ukraine. The group also claims its actions aim to sow digital unrest, generate media attention to propagate its ideology, and disrupt online banking infrastructure in Ukraine without seeking data theft or lasting harm.

In terms of tactics, techniques and procedures, NoName relies primarily on distributed denial‑of‑service (DDoS) attacks that overload target servers with traffic to render websites temporarily unavailable. The group has referred to these tools as “DDoS missiles” and has claimed responsibility for attacks via its Telegram channel, where it also advertised cryptocurrency payouts to volunteer hackers who join its DDoS campaigns. Notably, the group emphasizes that its operations do not involve data exfiltration or breaches, framing the effects as short‑term disruptions rather than persistent harm. Representative campaigns cited in the sources include a large‑scale DDoS effort against French municipal sites on 31 December 2024, a coordinated wave against Danish entities on 24 February 2024, a Swiss federal‑admin and private‑sector incident on 17 January 2024, a Canadian government‑website outage on 10 April 2023, a New Zealand Parliament DDoS on 19 July 2023, a June 2023 wave targeting Ukrainian banks and Swedish financial targets, and a June 2023 series of attacks on European ports and election‑related websites in the Czech Republic. These examples illustrate the group’s recurring use of DDoS as a means to convey political messages and cause temporary service interruptions across a range of Western and Ukrainian‑aligned targets.

Incidents
Attributed incidents available to members
7 incidents
Sources
Sources available to members
237 sources