Polish stock exchange, banks knocked offline by pro-Russian hackers


The Warsaw Stock Exchange, several banks, and the Polish government’s website for public services were knocked offline Monday in the latest targeted campaign reportedly carried out by the pro-Russian hacktivist group NoName057(16).

Just days after two bad actors were arrested for hacking into the Polish public railway system, it appears that pro-Russian hacktivists are now going after the Polish financial sector.

The Russian-linked NoName gang announced the attacks on their encrypted Telegram channel around 10 a.m. Monday morning in Poland.

ADVERTISEMENT

The gang’s first target was the Warsaw Stock Exchange, citing the rant of a popular politically conservative Polish columnist who recently wrote about the Central and Eastern European block and their undying hatred of Russia.

“To express our support to all adequate citizens of Poland who oppose the authorities of their country drowning in Russophobia, our DDoS rocket launchers today are aimed at Polish targets,” the group posted.

Noname Warsaw Stock exchange post
Image by NoName057(16), Telegram

The group did not stop there, however, and went on to claim several major Polish commercial banks, including Bank Pekao, Raiffeisen Bank, Plus Bank, Credit Agricole Bank, and BNP Paribas.

At the time of this report, the websites for the Warsaw Stock Exchange, Bank Pekao, and Raiffeisen Bank were still offline.

Noname Warsaw Stock exchange down
Image by Cybernews

Lastly, the group also posted to its more than 50K Telegram followers that it had attacked the Polish government’s verification service using its signature DDoS or distributed denial-of-service attack.

“🔥The site of "Trusted Profile" - a service that allows you to remotely confirm your identity and receive a digital signature to work on Polish government sites and receive a wide range of services – was slammed🚀,” NoName posted.

ADVERTISEMENT
Noname Polish gov services banks down
Image by NoName057(16), Telegram

NoName gang goes for impact

The threat actors have been relentlessly targeting dozens of Western nations and governments allied with Ukraine since the Russian invasion last spring.

In the first half of 2023, NoName057(16) was tracked to have dominated the pro-Russian hacktivist landscape, with no sign of slowing down.

The group's methods have advanced in recent months, according to a Cybernews exclusive interview about NoName, with two Radware threat researchers this month at Black Hat.

According to Radware’s latest profile, the group recruits supporters of its DDoSia bot project from the dark web. The recruits then get paid out in crypto depending on how many targeted campaigns they participate in and how successful the attacks are.

The researchers also found NoName has changed tactics and begun to specifically go after critical infrastructure – such as financial, government, and aviation sectors – to optimize the impact of its DDoS attacks.

Since July, NoName057(16) has claimed responsibility for targeting the banking systems in both Ukraine and Italy, the French parliament, and nearly a dozen attacks on Switzerland’s financial and aviation sectors.

In a DDoS attack, a server is flooded with thousands of traffic requests from random bot computers, causing the website to crash.

In the meantime, this weekend’s Polish railway attacks brought roughly twenty trains to an emergency standstill after two Polish citizens spoofed the trains' signal system using radio frequency.

ADVERTISEMENT

The presumed Russian sympathizers also used the radio frequencies to transmit the Russian national anthem to play over the public address system, as well as snippets of a speech by President Vladimir Putin, according to local media.