In its latest strategy to gain notoriety on the hacktivist landscape, pro-Russian group NoName057(16) is advertising cryptocurrency payouts to volunteer hackers in exchange for technological firepower.
The hacktivist group NoName057(16), known for targeting governments and organizations that support Ukraine, calls their volunteers "heroes."
During its most recent campaign, the group and its heroes were reported on January 11 to have targeted the websites of at least half a dozen 2023 Czech presidential election candidates, causing chaos just days before the elections were scheduled to begin.
#Noname05716 has been relentlessly targeting #CzechRepublic sites first their elections sites and now key parts of industry#cybersecurity #infosec #RussiaUkraineWar #UkraineRussianWar pic.twitter.com/J5tFAny2GVundefined CyberKnow (@Cyberknow20) January 16, 2023
Earlier that same week, the group successfully targeted the Danish financial sector, including the Central Bank of Denmark. That attack resulted in the removal of the group’s multi-OS supported toolkit from Github.
NoName057(16) uses DDoS as their preferred method of attack and is supported by a stable of volunteers recruited from the dark web.
A Distributed Denial of Service or DDoS attack typically uses a bot, or army of bots in this case, to target a website address by flooding its domain with connection requests, causing it to crash and go offline. Bots are launched remotely by the attacker.
For assisting NoName057(16) achieve their goals, these so-called heroes are not only promised boasting rights among their peers, but financial prizes reportedly worth hundreds, if not thousands of US dollars, according to research website Avast Threat Labs.
“It’s a novel way to attract, motivate and retain a workforce focused on advancing nation-state sponsored hacking," said Eric Noonan, the CEO of US Defense Department security compliance firm CyberSheath. “Its really a management tool and very clever on many levels. It’s a great way to identify talent to nurture and train for future work,” Noonan said.
Is the gamification of cyber warfare here to stay?
While nation-state sponsored hackers and activists-who-hack are nothing new, NoName057(16) may be creating an entirely new niche in the hacking community.
NoName057(16) first popped up on the hacktivist scene in March 2022, coinciding with the start of the Russian-Ukraine conflict. The Ukrainian news outlets were their first successful targeted attacks.
In their first six months of existence, the group targeted dozens of other businesses and governmental belonging to surrounding NATO nations, including Poland, Lithuania, and Estonia.
“Gamification has certainly been a part of training for and against cyber threats for some time now and I think as a technique, gamification is very much a part of the cyber domain and so, while this example is new, gamification of cyber warfare is not a new concept,” Noonan stated.
In response to NoName057(16) and other pro-Russian hacktivist groups, such as Killnet, the Ukrainian government put out its own plea for volunteer ‘cyber soldiers’ to help protect the country's assets and critical infrastructure.
Even so, NoName057(16) has been labeled more of a nuisance than a real threat, Avast said.
The group has been stepping up its high-profile attacks since November, yet their success rate is only about 17%, the site reported.
The surge in recent attacks follows the shutdown of one of the group's more successful malware botnets, ‘Bobik’, this past fall. The shutdown led them to focus on the pay-for-volunteer hacking platform, otherwise known as the DDosnia project, Avast reported.
“If you view it as a business model,” Noonan said, “it simply feels like the application of a business management tool or business model to the hacking vertical. In many ways it probably was inevitable.”
Once recruited, volunteers are required to register on the group's encrypted Telegram messaging platform to receive instructions and participate in the crypto contest.
The site provides its own leaderboard tracking the names and statistics of the campaign's top performers, reported Avast. There are about 1000 volunteers signed up as of this week, they noted.
The group claims incentive payouts are determined by how much an individual hacker contributes to the success of a targeted campaign.
Avast reported there has been no definitive proof of any actual payout. To be eligible, volunteers are required to register their crypto wallets on the site.
NoName057(16) provides its volunteers with online toolkits to help overwhelm the targeted sites, as well as its subdomains for an even greater impact.
As global conflicts continue to shift into the cyber realm, will awarding prizes and cryptocurrency to hackers with the highest success rates morph into something even more nefarious?
“I don’t think it changes warfare,” Noonan said. “It simply becomes a tool to identify, attract, motivate, train, and retain talent for both the good guys and the bad guys. The good news is that it’s equally available for the forces for good to exploit as well,” he said.
More from Cybernews:
Subscribe to our newsletter