Russian ultranationalist hacktivism has been organized around hacker groups, funded to harass government sites across Europe and the United States.
The harassment of French administration sites by pro-Russian hacktivists has practically become a habit since the start of Russia’s invasion of Ukraine in February 2022. If certain cyber attacks, like this of March 11, produce some visible effects, the majority of attacks generally go unnoticed. On the other hand, they force IT departments to be on alert to avoid a stupid accident.
Indeed, the main risk is a website failure. Hacktivists launch DDOS attacks, that is to say waves of connections directed simultaneously towards a platform. If the number of requests is very high, the server is no longer able to process them, and the site becomes unavailable, until the lull. To carry out their harassment, hacktivists use botnets, networks of thousands of infected devices (especially computers), diverted for malicious purposes. However, carrying out these assaults comes at a cost. The driver software for this network must be sufficiently efficient and rely on a large number of machines to really disrupt a network.
Bounties and software to launch cyberattacks
Usually, Russian ultranationalist hacker collectives seek to recruit members to amplify their nuisance. NoName057(16) differentiates itself with a free-for-all program, promoted on public channels on Telegram and rewards for those who carry out the most attacks.
This group adopted this system early. In the fall of 2022, after Russia’s first failures and the stabilization of the front line, hacktivists began looking for people to harass the West. Bonuses are paid regularly to the most zealous each month. Payments are in rubles, but the most stubborn can receive from 1,000 to 8,000 euros. The rest just collects crumbs.
The French cybersecurity company Sekoia has been tracking these hackers for two years, and has just published a new report on their activities in early March.
“ The collective is perhaps made up of a bunch of former soldiers, activists, cybercriminals, who have organized themselves to carry out their attack. As they manage to manage their group themselves, they are doing the Kremlin a favor by disrupting the other powers in the media while power is concentrated on Ukraine. », Explains Maxime Arquillière, analyst at Sekoia.
“ As for their financing, it is not impossible that they receive some funds from above to maintain their activity.é” he adds.
Targets of regular cyberattacks in France
For his part, “AG”, cyber expert at Sekoia, notes “ that the system is regularly updated. The way it was developed shows that they are professionals: we encounter many options, we can change the language, etc. We encountered a big change in the software recently. They know that cybersecurity companies are monitoring it. »
During the March 11 cyberattack against the State interministerial network by the Anonymous Sudan collective, the NoName057(16) group carried out its own attacks against two regions, Normandy and Guadeloupe, and a media outlet, the Agency France-Presse. “ They have a catalog of targets, which they constantly hit when focusing on one country » notes our interlocutor.
Anonymous Sudan, the author of the March 11 cyberattack, could also receive state funds. In addition, the group promotes its program for cybercrime and could find other means of remuneration with the same objective: to scare the European population.
If you liked this article, you will like the following: don’t miss them by subscribing to Numerama on Google News.