• 11/10/2024

Spain detains three Russian volunteer hackers over targeting Ukraine and its allies – ISW

Pravda Ukraine

Spanish authorities have detained three people accused of carrying out cyberattacks as part of a known pro-Russian hacker group that targets Ukraine and NATO countries that support Ukraine.

Source: Institute for the Study of War (ISW)

Details: The Spanish Civil Guard, one of Spain’s two national law enforcement agencies, announced on 20 July that it had detained three people in Manacor, Balearic Islands and Andalusia province for conducting denial-of-service (DDoS) attacks targeting government agencies and strategic sectors of countries that support Ukraine. The attacks took place after the start of the Russian full-scale invasion.

The Spanish Civil Guard reported that the hackers were affiliated with the Russian “hacktivist” group “NoName057(16)” and are continuing to investigate various leads to identify those responsible for the cyberattacks.

“NoName057(16)” is a pro-Russian cyber collective that surfaced in March 2022. Initially focusing on Ukrainian government and media sites, the group later broadened its operations to include attacks on Western government, economic, and logistical infrastructures, extending its reach to NATO member states.

“NoName057(16)” operates with the help of volunteers to execute its cyberattacks and has previously released its own crowdsourced botnet, DDoSia. This botnet comes with detailed instructions in both Russian and English on how to employ it for DDoS attacks.

“NoName057(16)” has repeatedly stressed its willingness to cooperate with other cyber actors with whom it shares “similar values” and has previously collaborated with other well-known Russian cyber actors such as Killnet, XakNet Team and CyberArmyofRussia_Reborn.

Quote: “Mandiant Intelligence assessed with moderate confidence in an article published in September 2022 and updated in April 2024 that XakNet Team and CyberArmyofRussia_Reborn are coordinating operations with the Russian Main Intelligence Directorate (GRU)-sponsored ‘Sandworm,’ or Advanced Persistent Threat (APT) 44, and that Killnet also likely has ‘limited’ links to the Russian GRU.”

To quote the ISW’s Key Takeaways on 20 July:

  • Ukrainian President Volodymyr Zelenskyy spoke with former US President and Republican presidential nominee Donald Trump on 19 July and discussed an end-state to the war in Ukraine.
  • Ukrainian drones struck a Russian airfield in Rostov Oblast on the night of 19 to 20 July.
  • Russian Minister of Defense Andrei Belousov and the Russian Ministry of Defence (MoD) continue to use meetings with Kremlin-affiliated military bloggers to attempt to rehabilitate the MoD’s image among pro-war Russian ultranationalists and portray Belousov as an effective manager of the MoD.
  • Russian authorities are likely trying to strengthen coercive measures aimed at impressing migrants facing deportation into military service.
  • Spanish authorities arrested three individuals accused of conducting cyberattacks as part of a prominent pro-Russian hacking group that consistently targets Ukraine and NATO states supporting Ukraine.
  • Russian forces recently advanced near Vovchansk, Svatove, and Donetsk City.
  • Kremlin-affiliated business-focused outlet Kommersant reported on 19 July that low-quality machine parts grounded five Russian Ministry of Defence (MoD) Il-76MD-90A transport aircraft.

Support UP or become our patron!

https://www.pravda.com.ua/eng/news/2024/07/21/7466688/