close
close

Pro-Russian hackers arrested in Spain for cyber attacks on NATO allies

Spain has arrested three people accused of carrying out cyber attacks as part of a known pro-Russian hacking group targeting Ukraine and NATO countries that support Ukraine.

The Spanish Civil Guard announced on July 20 that they had arrested the suspects in Manacor, Balearic Islands and in the province of Andalusia. The individuals are believed to have carried out Distributed Denial-of-Service (DDoS) attacks on government institutions and strategic sectors of countries supporting Ukraine. These cyberattacks have been taking place since Russia launched its large-scale invasion of Ukraine.

According to the Guardia Civil, the arrested hackers are members of the Russian ‘hacktivist’ group ‘NoName057(16)’. The group emerged in March 2022 and initially targeted Ukrainian government and media websites, but then expanded its activities to Western government, economic and logistical structures, particularly in NATO member states.

Group profile and activities

“NoName057(16)” relies heavily on volunteers to carry out its cyberattacks. The group previously released its crowdsourced botnet “DDoSia” along with detailed instructions in Russian and English on how to carry out DDoS attacks using this tool. Their operational strategy shows a mix of grassroots mobilization and advanced cyber tactics.

In a statement, the Guardia Civil noted that investigations are ongoing to identify other participants involved in these cyberattacks. The group’s adaptability and volunteer-driven approach have made it a persistent threat in the cyber domain.

Collaborations and connections

“NoName057(16)” has a history of collaboration with other prominent Russian cyber entities that share similar goals. The group has collaborated with “Killnet”, “XakNet Team”, and “CyberArmyofRussia_Reborn”, reflecting a coordinated effort between these cyber actors.

In a report published in September 2022 and updated in April 2024, Mandiant Intelligence suggested with moderate confidence that “XakNet Team” and “CyberArmyofRussia_Reborn” are coordinating their operations with the Russian Main Intelligence Directorate (GRU) unit known as “Sandworm,” or Advanced Persistent Threat (APT) 44. The report also indicated that “Killnet” likely has limited ties to the GRU.

Also read:

Hungarian Foreign Minister Szijjártó refuses to summon Russian ambassador over 2022 cyberattack

__________________________________________________________________________________________________________________

Related Posts