In its most recent cyber attack on European nations, the pro-Russian hacker group NoName has claimed responsibility for launching a Distributed Denial-of-Service (DDoS) attack against critical infrastructures in Poland. The group targeted key institutions, including the National Bank of Poland and the website of the Polish Computer Security Incident Response Team (CSIRT GOV). The National Bank of Poland, also known as Narodowy Bank Polski (NBP), reportedly failed to defend against the DDoS attack.
According to several threat intelligence services, the website of the National Bank of Poland was inactive for a period of time on Sunday following the alleged cyber attack. However, the website became active again at the time of publishing this report. This attack on the National Bank of Poland is the latest in a series of DDoS attacks targeting Polish organizations identified by the hacker group in recent times.
The Cyber Express has reached out to the National Bank of Poland for an official statement regarding the reported cyber attack. An update will be provided once a response is received from the bank.
NoName hackers posted on Telegram claiming responsibility for the attack on CSIRT GOV, stating, “The website of the Polish company CSIRT GOV, which monitors computer security incidents and is headed by the head of the internal security agency, was slammed.”
Falcon Feeds, a threat intelligence service, reported that NoName has executed nearly 850 DDoS attacks in the past three months, including the attack on the National Bank of Poland, as part of its DDoSia project. The hacker group has been inviting criminals to join DDoSia, which is a crowdsourced model for launching DDoS attacks. It was reported that NoName offered nearly 80,000 Roubles ($1,200) in cryptocurrency for successful DDoS attacks on targeted organizations.
NoName’s botnet has grown to over 1,000, targeting Ukrainian and NATO organizations. The group has been targeting government organizations, critical infrastructure, and banks among other European targets. They have been using an updated version of the DDoSia attack tool, which can fetch a list of targets to send a multitude of junk HTTP requests, crashing the systems. The new variant is written in the Go programming language.
The DDoSia attack tool primarily targeted Ukraine and NATO countries, specifically those in the Eastern Flank such as Lithuania, Poland, the Czech Republic, and Latvia. France, the United Kingdom, Italy, Canada, and other European Union nations were also major targets due to their political, military, and economic support for Ukraine during the Russian invasion.
NoName057(16) relied on their Telegram channels for communication regarding the DDoSia tool. The hacker group maintained two channels—one in Russian with over 45,000 subscribers and another in English. NoName’s tools have been found to impact Windows, Linux, and macOS systems.
Please note that this report is based on internal and external research obtained through various sources, and the information provided is for reference purposes only. Users bear full responsibility for their reliance on this information, and The Cyber Express assumes no liability for the accuracy or consequences of its use.