Cyber Threat Actor: Zarya
| Actor Type | Location | Known Incidents |
Activist
|
—
|
2 incidents |
|---|
Profile
The threat actor known as Zarya operates under the primary alias NoName057(16), frequently abbreviated as NoName. This pro-Russian hacktivist collective emerged around March 2022 following Russia’s invasion of Ukraine. It conducts disruptive cyber operations primarily against NATO member states and entities supporting Ukraine, explicitly citing geopolitical retaliation as motivation. The group maintains an active Telegram channel with over 30,000 followers to claim operations and recruit volunteers.
NoName057(16) specializes in distributed denial-of-service (DDoS) attacks, particularly Slow HTTP attacks (Slowloris), which exploit server vulnerabilities by maintaining incomplete connections to exhaust resources. Targets consistently align with Russian political interests, focusing on government websites (New Zealand Parliament, French Senate, Swiss Parliament), financial sectors (Ukrainian banks, Swedish Financial Supervisory Authority), transportation infrastructure (Italian transport authorities, Milan Metro), and electoral systems (Czech presidential candidates). Operations aim to temporarily disrupt services rather than steal data, often coinciding with geopolitical events like arms shipments to Ukraine or NATO policy discussions. The group collaborates with other pro-Russian entities like Anonymous Sudan, expanding targeting to include non-Ukraine-related issues such as Quran burnings in Sweden. While openly pro-Russian, no direct state affiliation is explicitly documented in public reporting. Significant campaigns include DDoS attacks against Canadian government websites during a Ukrainian official visit (April 2023), sustained assaults on Ukrainian banking infrastructure (June 2023), and multi-country port disruptions across Europe (June 2023). The collective has also advertised cryptocurrency payments to volunteers participating in DDoS campaigns.
