NoName057(16)

NoName057(16) is a pro-Russian hacktivist threat actor focused primarily on distributed denial-of-service operations in support of Russia’s geopolitical interests. The group is also referenced as NoName, nnm05716, noname057, and noname05716. Multiple sources in the provided content describe it as Russia-linked or pro-Russian, and U.S. indictments allege it was a state-sanctioned project administered in part by Russia’s Center for the Study and Network Monitoring of the Youth Environment (CISM). Danish authorities further assessed that NoName057(16) has links to the Russian state. The group has targeted governments, political institutions, financial institutions, public railways, ports, utilities, and other critical infrastructure, especially in Ukraine-supporting European and NATO countries. Reported victims and target sets in the content include European government agencies and political institutions, Danish websites ahead of the November 2025 elections, Swedish authorities and banks, Swiss organizations during Ukraine-related political events, Dutch targets during a NATO summit, Italian entities during the Milano Cortina 2026 Winter Games, and broader campaigns against European financial institutions. The content also states that since 2022 the group has conducted more than 3,700 verified DDoS attacks against governments and critical sectors in NATO member states. Operationally, NoName057(16) relies heavily on Telegram for recruitment, propaganda, target distribution, and claims of responsibility. The group regularly posts proof of downtime, pushes daily target lists, and uses gamified participation mechanisms such as leaderboards, badges, and public recognition. U.S. indictment material in the content states that the group primarily uses its proprietary DDoSia tool, and that it recruits volunteers worldwide to download the tool and participate in attacks, rewarding top participants with cryptocurrency. The content also describes DDoSia as a Go-based volunteer-driven client and notes verified uptime checking as part of the group’s campaign workflow. The group has shown a pattern of timing attacks around symbolic or geopolitical events. Examples in the content include activity around the NATO Summit, the Ukraine Peace Summit, the Bürgenstock summit, the Danish elections, and the Milano Cortina 2026 Winter Games. It has also used geopolitical triggers to open new campaigns such as #OpDenmark and has been described as conducting coordinated multi-country sweep campaigns. Beyond its core anti-Ukraine-supporter targeting, the content says NoName057(16) joined broader anti-Israel and pro-Iran cyber activity in March 2026 while still pursuing Russia-linked objectives. It reportedly cooperated with the Cyber Islamic Resistance in DDoS attacks against an Israeli defense contractor and municipal governments, and formed alliances or joint activity with groups including Hider_Nex, Keymous+, Mr Hamza, AnonSec, Moroccan Dragons, Russian Legion, DarkStorm Team, and RuskiNet. The content also references companion or related pro-Russian groups such as Z-Pentest, Sector 16, Dark Engine, and CyberArmyofRussia_Reborn in adjacent reporting, but does not establish them as sub-groups of NoName057(16). Law enforcement action against the group is documented in the content. Operation Eastwood, coordinated by Europol and Eurojust between 14 and 17 July, disrupted more than 100 systems worldwide, took a major part of NoName057(16)’s central infrastructure offline, resulted in arrests, arrest warrants, house searches, and interviews, and identified more than 4,000 supporters and several hundred servers in its botnet. Despite this disruption, the content states the group continued operations into 2026. The content also links infrastructure associated with Stark Industries, WorkTitans, THE.Hosting, and related entities to traffic transit or support for attacks attributed to NoName057(16), including attacks on European institutions and Danish government systems. Overall, the provided material consistently characterizes NoName057(16) as one of the most active pro-Russian DDoS collectives targeting European and NATO-aligned organizations, using volunteer-driven tooling, Telegram-based coordination, and politically timed disruptive campaigns.