Kevin BeaumontDec 7, 2023

NoName057(16) are targeting the UK today, so I shall start monitoring them and naming their targets and attack types.

Their targeting: https://raw.githubusercontent.com/GossiTheDog/Monitoring/main/NoName/targets_2023_12_07_11am.txt

Currently:
pa.eastcambs.gov.uk
politics.leics.gov.uk
www.liverpool.gov.uk
www.mil.be
www.bollington-tc.gov.uk
www.cranbrooktowncouncil.gov.uk
cert.be
my.swiftcard.org.uk
www.monarchie.be
www.premier.be
www.david-clarinval.be
www.dekamer.be
www.senaat.be

#threatintel #noname

Show threadKevin BeaumontDec 7, 2023
Note this list includes targets they haven't announced yet on Telegram.
Show threadKevin BeaumontDec 7, 2023
Keep up, NoName. Edit: to be clear I mean catch up as I already named these.
Show threadKevin BeaumontDec 7, 2023

quick question - would publishing the NoName DDoS targets in a format like this each day be valuable?

I just had a quick workflow play, I think I can do it.

#threatintel

Show threadKevin BeaumontDec 7, 2023
This is how NoName[16] are DDoSing West Yorkshire Metro.. apparently it's enough to cause Azure App Gateway to fall over.
Show threadKevin BeaumontDec 7, 2023
I wrote this up: https://doublepulsar.com/tracking-russias-noname057-16-attempts-to-ddos-uk-public-services-057e8ab54fe4
Show threadJasonBacon
@GossiTheDog Nice! Having that data would be helpful. They have been targeting Italian gov and agencies in the last months too
Dec 7, 2023 at 5:32pmWeb