The central governing body of Switzerland, located in Bern, has confirmed that several Swiss federal departments were affected by distributed denial-of-service assaults on Wednesday. These cyber-attacks resulted in short-term outages for some of their public websites. The responsibility for these cyber disruptions was claimed by a Russian activist hacker group that identifies itself as NoName057(16), otherwise known as NoName.
“Typically, cyber attackers leverage attacks on a website’s accessibility to draw the media’s spotlight towards their agenda,” stated the Swiss officials. “They accomplish this by bombarding a website with an enormous number of requests, essentially overloading it and causing a temporary shutdown. However, it’s worth noting that during a DDoS attack, there’s no loss or compromise of data.”
On January 10, the Swiss officials issued warnings to all vital infrastructure entities to brace themselves for potential attacks. These attacks were anticipated to align with the presence of Ukraine’s President, Volodymyr Zelenskyy, at the yearly World Economic Forum gathering in Davos. The event kicked off on Monday and will wrap up on Friday.
The Swiss National Cyber Security Center, according to the government, was able to “swiftly identify” the DDoS attacks. Furthermore, the federal administration’s experts immediately sprung into action to reinstate access to the impacted websites in no time. The NCSC of Switzerland has made public a list of the 949 unique IP addresses that were implicated in these attacks.
Mind Games in Cyberspace
With the onset of the unlawful full-scale attack on Ukraine by Russian President Vladimir Putin in February 2022, a number of alleged hacktivist collectives have risen to prominence. These groups profess their independence from Moscow, but their actions coincide with its objectives. Among these are NoName, which emerged in March 2022, KillNet, self-defined as a “private military hacker firm”, and its intriguingly well-resourced offshoot, Anonymous Sudan.
Mandiant, the incident response team of Google Cloud, has disclosed that the assault tactics of KillNet and similar groups often result in “brief, superficial effects.” The primary victims continue to be Ukraine and its associates in NATO and the EU.
Regardless of these collectives being directly controlled by Moscow or functioning more like self-sufficient agencies, it’s perhaps scholarly to note, that their efforts to promote a pro-Putin agenda seem to be predominantly effective.
Certainly, the true motive behind these DDoS assaults – and sporadic data breaches – seem to be more of a mind game. “While they might manage to execute a significant event, it’s crucial to recognize that the immediate impact is not as valuable to them as destabilizing our feeling of safety,” stated John Hultquist, the lead analyst at Mandiant.
Extensive Utilization of ‘Complimentary or Economical’ Services
Certain initiatives appear rather agile. A recent study by NetScout Systems indicates that NoName “makes extensive use of complimentary or inexpensive public cloud and web services,” incorporating content distribution networks, “as a springboard for DDoS botnets that inundate target web servers,” and that its assaults usually involve only “HTTP/HTTPS floods designed to exhaust targets’ bandwidth and resources.”
NoName has engineered a botnet named DDoSia, which integrates with a universal attack instrument bearing the same name and is compatible with Windows, Linux, and Mac systems, as per NetScout. Through this botnet, the cluster can monitor each DDoSia user and has pledged to compensate top contributors with cryptocurrency. Since the previous November, this has involved a unique token developed by NoName, known as dCoin, which can be exchanged for TON coins.
NoName leverages “volunteers driven by ideology” to launch its disruptive attacks from multiple, frequently legitimate, sources, according to NetScout. Upon investigating one such attack on a client by NoName, the company discovered that the majority of the attack traffic originated from a CDN – which the researchers chose not to disclose. It seemed that it took approximately four hours for the CDN to identify and then try to prevent the misuse of its services.
Switzerland’s Recurring Cyber Assaults
This isn’t the inaugural episode of Swiss government websites falling prey to DDoS onslaughts. The hacker group NoName claimed responsibility for the attempted interferences back in June 2023, which encompassed application-layer DDoS attacks. As a result, a number of prestigious agencies’ web platforms – such as those belonging to the Swiss Parliament, Swiss Post, and Swiss Federal Railways – were openly unavailable. While most were incapacitated for a mere few hours, a handful were down for multiple days.
After a thorough investigation, Swiss officials reported that the cyber-attacks resulted in minimal disturbance, given that the majority of the targeted agencies were adequately prepared and no significant data was leaked during the incident. They suggested that the cyber-attacker’s true aim was to capture the attention of the media, the public, and the political sphere.
The objective of the pro-Russian cyber collective, NoName, was to express their political objections triggered by a sequence of actions undertaken by the Swiss Parliament. These actions entailed the shipment of warfare equipment to third-party nations and the disclosure of President Zelenskyy’s speech to the Swiss Parliament, according to the government.
The disturbances probably fulfilled the objectives of the group that identifies itself as hacktivists, and consequently, those of Moscow. Swiss officials pointed out that the numerous targets and the political significance of the Ukrainian President Volodymyr Zelenskyy’s speech to the Swiss Parliament resulted in the DDoS attacks attracting extensive media attention. Due to this broad coverage, the group achieved the widespread public notice they were aiming for.