Cyber Threat Actor: NoName057
| Actor Type | Location | Known Incidents |
Activist
|
—
|
2 incidents |
|---|
Profile
NoName057 is the alias used by a hacker collective that has been identified in open‑source reporting as a pro‑Russian group. The name appears in multiple incident reports from October 2024. No other aliases are publicly associated with this actor in the provided material. The collective is referenced solely by this moniker in the cited sources.
The group’s observed targets have been the websites of Belgian ports and municipal authorities, specifically mentioning Zeebrugge, Antwerp, Sint‑Genesius‑Rode and Linkebeek. These targets fall within the government and critical infrastructure sectors, focusing on local authority online services. The stated motivation for the attacks is Belgium’s support for Ukraine, indicating a politically driven objective rather than financial gain. Consequently, the primary strategic aim appears to be disruption of online presence to convey a political message.
The only technique described in the reporting is a Distributed Denial of Service (DDoS) attack that overwhelms servers with traffic, rendering the sites temporarily inaccessible. No specific malware families, exploit kits, or initial access vectors are mentioned in the available sources. The Centre for Cybersecurity Belgium characterised the traffic as a non‑dangerous overload, implying the use of volumetric rather than application‑layer methods. No additional tooling or post‑exploitation activities are reported.
Attribution in the open‑source material aligns the actor with Russian interests but does not provide explicit evidence of state sponsorship or military direction. No connections to known criminal syndicates, mercenary groups, or other threat‑actor alliances are documented. The sources refrain from linking the activity to any specific intelligence service or governmental unit. Consequently, the actor’s affiliation is limited to the observed pro‑Russian orientation described in the reports.
A representative operation occurred on 8 October 2024 when NoName057 launched a wave of DDoS attacks against the aforementioned Belgian port and municipal websites, which the Centre for Cybersecurity Belgium described as the second such wave within two days. The attacks caused temporary inaccessibility but were assessed as non‑dangerous overloads. The group warned of further actions ahead of upcoming local elections, indicating a pattern of politically timed disruption. This incident exemplifies the actor’s current focus on short‑term service disruption to convey a geopolitical message.
