Cyber Incident Victim: Switzerland
Date:
Jan 2025
Location:
Switzerland
Summary
A pro-Russian hacker group known as NoName057(16) conducted distributed denial-of-service (DDoS) attacks targeting Swiss financial institutions and municipal websites, including Zürcher Kantonalbank, Waadtländer Kantonalbank, and several communities such as Luzern and Kriens, rendering them temporarily inaccessible. The group publicly claimed responsibility on social media platform X, framing the attacks as retaliation against Switzerland for supporting Ukraine and testing the resilience of its internet infrastructure. Operating since 2022, NoName057(16) employs politically motivated DDoS campaigns to disrupt entities in nations perceived as hostile to Russian interests, focusing on overwhelming targets with traffic to deny legitimate access without data theft.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 21, 2025, a coordinated distributed denial-of-service (DDoS) attack disrupted access to multiple Swiss websites, primarily targeting financial institutions and municipal entities. The Zürcher Kantonalbank and Waadtländer Kantonalbank experienced service outages, rendering their websites inaccessible to users. Several municipal websites were also affected, including those of Luzern, Adligenswil, Kriens, and Ebikon. The pro-Russian hacker group NoName057(16) publicly claimed responsibility for the attacks through a post on the social media platform X, stating they were "testing the resilience of Swiss internet infrastructure" while listing the compromised sites. This incident followed months of similar DDoS campaigns against Swiss banking and government online services. The attackers overloaded target systems with massive artificial traffic volumes, causing operational disruptions without data exfiltration. Service interruptions persisted for an unspecified duration during the attack window. NoName057(16) framed the incident as part of an ongoing pressure campaign against nations supporting Ukraine in the Russo-Ukrainian conflict.
The hacker group NoName057(16) has conducted politically motivated cyber operations since 2022, focusing on European entities perceived as hostile to Russian interests. Their activities primarily involve DDoS attacks against government agencies, financial institutions, and critical infrastructure operators in countries including Germany, Poland, the Baltic states, and Switzerland. The group operates through decentralized networks of anonymous actors who coordinate attacks via platforms like Telegram and X. Their operational methodology centers on overwhelming web infrastructure with coordinated traffic floods, causing temporary service denials rather than persistent system compromises. NoName057(16) explicitly justifies attacks as retaliation against Western support for Ukraine, categorizing target nations as "unfriendly" to Russia. The January 2025 Swiss incident represents a continuation of this pattern, leveraging non-persistent disruption tactics to generate publicity and political messaging. The group's public communications emphasize testing defensive capabilities while warning of potential future escalations against aligned states.