TLDR
- Spanish police arrested three suspected members of the pro-Russian hacker group NoName057(16).
- The suspects are accused of carrying out DDoS attacks against public institutions and strategic sectors in Spain and other NATO countries supporting Ukraine.
- NoName057(16) emerged after Russia’s invasion of Ukraine and uses a custom DDoS attack toolkit called DDoSia.
- The arrests took place in Manacor, Huelva, and Seville, with police seizing computer equipment and other evidence.
- NoName057(16) has threatened retaliation with “a massive cyberattack against the Spanish internet infrastructure.”
Spanish law enforcement has arrested three individuals suspected of being members of the pro-Russian hacker group NoName057(16).
The Spanish Civil Guard announced the arrests on Saturday, July 20, 2024, marking a major development in the ongoing battle against cyberattacks targeting Ukraine’s allies.
The suspects were apprehended in three different locations across Spain: Manacor on the island of Mallorca, and in the southern cities of Huelva and Seville.
During the arrests, authorities conducted searches of the suspects’ homes, seizing computer equipment and other evidence that could be crucial to the ongoing investigation.
NoName057(16) is a hacktivist group that emerged shortly after Russia’s full-scale invasion of Ukraine in 2022. The group has gained notoriety for its distributed denial-of-service (DDoS) attacks against public institutions and strategic sectors in countries supporting Ukraine in the conflict with Russia. These attacks work by flooding targeted websites with junk traffic, rendering them inaccessible to legitimate users.
What sets NoName057(16) apart is their use of a custom DDoS attack toolkit called DDoSia. This tool has made it easier for individuals without professional hacking skills to participate in cyber warfare from their homes, potentially expanding the group’s reach and impact.
The Spanish Civil Guard described NoName057(16) as “one of the most active groups” attacking Ukraine and its allies since the Russian invasion began. The group’s targets have primarily been European countries, including Poland, Czechia, Lithuania, Italy, and Spain itself.
In their own founding manifesto, the group acknowledges that they “will respond proportionately in response to the hostile and openly anti-Russian actions of Western Russophobes.” This statement aligns with the pattern of attacks observed against countries supporting Ukraine.
While Spanish authorities have not released details about the suspects, they have stated that the investigation is ongoing. Law enforcement agencies are working to identify other members of the group, suggesting that this operation may be part of a larger effort to dismantle the hacker network.
The arrests have not gone unnoticed by NoName057(16). In response to the news, the group released a statement calling the actions of the Spanish police “a witch hunt” and claiming that “any EU resident can get into the millstones of police lawlessness.”
The hackers have threatened retaliation. They announced plans for “a massive cyberattack against the Spanish internet infrastructure” and called on their allies to join the effort. The group also published a list of alleged targets in Spain, including websites of the city of Valencia and several local ports. Many of these sites were reported to be unavailable following the announcement.
The arrests in Spain serve as a reminder of the international nature of cybercrime and the importance of cross-border cooperation in combating these threats. NATO has previously warned Russia about potential consequences for cyberattacks and other hybrid attacks on member states, underscoring the seriousness with which the alliance views these digital threats.