Professional-Russian hacktivist gang Noname has claimed over 6600 assaults since March 2022, virtually solely concentrating on European nations, new analysis from Orange Cyberdefense has proven.
The cybersecurity vendor’s Safety Navigator 2025 report discovered that 96% of Noname’s attacks targets included Ukraine, Czech Republic, Spain, Poland and Italy and have been ongoing since Russia started its invasion of Ukraine in early 2022.
The hacktivist group has not focused the US as soon as throughout this era, the researchers discovered.
Chatting with press forward of the report’s launch, Charl van der Walt, International Head of Safety Analysis at Orange Cyberdefense, mentioned a potential clarification for that is the group is cautious of coming to the eye of US authorities, having noticed the high-profile takedowns of main cybercriminal gangs like LockBit prior to now 12 months.
“We predict they don’t need to poke that bear,” commented van der Walt.
Noname Extremely Reactive to Occasions
The researchers noticed that Noname tends to focus on “symbolic” European entities with DDoS assaults, with the first aim of utilizing technical disruptions to govern public opinion and destabilize societal confidence in nations thought of to go towards Russian pursuits.
These are designed to attract consideration to political and financial points, pushing the narrative that Western concepts and establishments usually are not working and crumbling on platforms like Telegram and X (previously Twitter).
Van der Walt mentioned that the group is reactive to geopolitical occasions, with its “operational cadence outlined by what’s occurring in the actual world.”
For instance, it launched a spate of assaults towards targets in Spain after Spanish police arrested three people suspected of being members of Noname in July 2024.
Many of those occasions usually are not instantly associated to Russia. This was proven when Noname launched DDoS assaults towards web sites of Belgian establishments in October 2024 in assist of protests by farmers in Belgium.
Moreover, Noname was behind DDoS attacks on numerous UK councils in late October 2024, which it claimed was retribution for British army assist for Ukraine.
Van der Walt mentioned there isn’t any proof of a direct strategic relationship between the Russian authorities and Noname, though there’s clear ideological alignment between them.
Continued Hybridization of Hacktivism
The report highlighted how hacktivism has modified considerably, with its present ‘institution period’ turning into significantly distinguished since Russia’s invasion of Ukraine.
Orange Cyberdefense outlined the earlier hacktivist carnations as:
- Digital utopia (1985-2005). Made up of hackers who envisioned a greater web and who needed to attract consideration to safety and different points on this surroundings
- Anti-establishment (2006-2013). Hacktivists on this period primarily focused governments and large companies whose actions they didn’t agree with. The Nameless collective was significantly distinguished throughout this era
- Institution (2014 – current). Extra hacktivist exercise from Russia-aligned teams lately. Many hacktivist teams have moved away from being anti-government to brazenly aligning with the aims of sure nation states
Read now: From Protests to Profit: Why Hacktivists Are Joining the Ransomware Ranks
In addition to aligning with nation-states, one other trait of contemporary hacktivism is overlap and cooperation with financially motivated cybercriminals. Van der Walt mentioned this development is testing the safety neighborhood’s need to provide labels to risk actors.
A notable trait of hacktivist teams is that they function within the public area, brazenly boasting and discussing their actions.
Additionally they typically use volunteers to assist increase assaults. For instance, Noname employs “DDoSia” ways, during which it declares its goal web sites and asks for volunteers to hitch in to extend the assault quantity.
Volunteers are sometimes incentivized with cryptocurrency funds for these actions, van der Walt added.
Hacktivists Prolong Attain to OT Techniques
One other development regarding hacktivist exercise is the concentrating on of operation technology (OT) systems utilized by vital industries akin to manufacturing, energy, healthcare and transportation with the goal of inflicting disruption.
Orange Cyberdefense attributed 23% of ‘Class 2’ assaults concentrating on OT prior to now 12 months to hacktivists. Class 2 incidents are outlined by the UK’s Nationwide Cyber Safety Centre (NCSC) as cyber-attacks which have a severe influence on central authorities, important companies, a big proportion of the inhabitants or the financial system.
Nation-state actors are inclined to keep away from damaging assaults on these environments for concern of escalating tensions between nation-states, van der Walt famous. Nonetheless, hacktivist teams haven’t any such constraints.
