The Swiss parliament website experienced a brief period of downtime on June 12, during which a message was posted on the Telegram channel of a pro-Russian cyber threat actor known as NoName057(16). The post claimed responsibility for the website outage and stated that it was in response to Switzerland’s recent participation in EU sanctions against Russia. The threat actor referred to Ukrainian President Volodymyr Zelensky as a “Bandera member” and claimed that the attacks were in retaliation for his gratitude towards Switzerland for its support of the sanctions. The attacks continued for several days, targeting major government and public service websites in Switzerland.
The Swiss finance ministry acknowledged that several federal administration websites were unavailable during this time, but did not confirm that it was a DDoS attack or attribute it to NoName. Interestingly, these DDoS attacks followed a ransomware attack on a technology firm called Xplain, which provides government software for various Swiss departments. The stolen data was subsequently posted on the darknet. The attack on Xplain was attributed to the Play ransomware group.
According to a report by Trustwave, DDoS attacks can be used as a distraction to mask data exfiltration or as a pretext for a physical assault. In this case, the attacks on Switzerland may have been intended to divert attention away from other malicious activities. NoName, the threat actor behind the attacks, has been active since March 2022 and operates under various aliases. The group has a pro-Russian stance, and its actions are driven by a manifesto that responds to those who have displayed hostility towards Russia.
NoName operates through a private Telegram channel known as the DDosia Project, which serves as its communication hub. The group continues to engage in DDoS attacks primarily targeting European institutions and companies, in line with its support for Russia in the ongoing conflict with Ukraine. To incentivize participation in its attacks, NoName offers cryptocurrency payments to individuals who install its DDosia tool.
The rise of state-sponsored threat actors poses significant challenges for governments, organizations, and cybersecurity experts. These actors often have close ties to their respective governments and receive instructions and resources to carry out cyber attacks. They have specialized skills and technical expertise, making them a formidable force in the field of cyber warfare. The motivations behind their attacks can vary, but they often serve political or geopolitical interests.
In the case of the attacks on Switzerland, it appears that the DDoS attacks were a means to divert attention and create chaos while other malicious activities potentially took place. The attacks targeted major government and public service websites, causing disruptions and inconvenience for Swiss citizens. The Swiss administration worked to restore the affected services and ensure the security and resilience of its systems. The motivation behind NoName’s attacks seems to stem from its pro-Russian stance and its desire to retaliate against those it perceives as hostile towards Russia.