#NoName reran a bunch of prior targets over the past 3 days, e.g. the targeting of the same UK sites again. #threatintel

Some new targets this morning:

www.vfgh.gv.at
immobilien.oebb.at
www.ris.bka.gv.at
www.railtours.oebb.at
bcc.oebb.at
authportal.oebb.at
www.oebb.at
www.e-steiermark.com
www.bmeia.gv.at
presse.oebb.at
bahnhofcitywienwest.oebb.at
shop.oebb.at
serviceline.oebb.at
presse-oebb.at
tsprodsam.oebb.at
apa.at
www.kelag.at

Target list: https://github.com/GossiTheDog/Monitoring/tree/main/NoName

#NoName plan to announce Sweden as DDoS targets later today.

Targets:

www.sundsvallshamn.se
www.norrtag.se
www.vasttrafik.se
login.vasttrafik.se
www.polisen.se
www.msb.se
login.msb.se
www.transportstyrelsen.se
www.digg.se
www.sjofartsverket.se
international.stockholm.se
goteborg.se
malmo.se
www.uppsala.se
www.linkoping.se
www.orebro.se
www.vasteras.se
www.eskilstuna.se
www.vgregion.se

Target list and config: https://github.com/GossiTheDog/Monitoring/tree/main/NoName

I have all of NoName's targeting in Excel if data needed.

#NoName DDoS will be going to Italy today.

Their target list:
www.giorgiameloni.it
www.porto.trieste.it
port.taranto.it
www.sinfomar.it
amat.cloud.eleagol.it
www.sienamobilita.it
www.gtt.to.it
www.ctmcagliari.it
actv.avmspa.it
telematicoprova.adm.gov.it
richiestamodifiche.adm.gov.it
iampe.adm.gov.it
telematico.adm.gov.it
www.consob.it
www.assosim.it
www.agcm.it

Target list and config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2023_12_21_10am.txt

#threatintel

#NoName DDoS Finland today, as usual they failed to DDoS most of their targets properly.

www.hsl.fi
portofhanko.fi
www.kyberturvallisuuskeskus.fi
www.expressbus.fi
www.ssvoy.fi
virtuaali.vayla.fi
sso.vayla.fi
extranet.vayla.fi
www.traficom.fi
extidpevaluointi.traficom.fi
extidptesti.traficom.fi
ikkuna.traficom.fi
eservices.traficom.fi
paarautatieasema.fi
www.ely-keskus.fi
www.op.fi
www.suomenpankki.fi
www.vero.fi
www.a-katsastus.fi

Target list and config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2023_12_22_11am.txt #threatintel

#NoName swapped some of their targets

www.hsl.fi
portofhanko.fi
www.edi.admin.ch
www.sob.ch
www.kyberturvallisuuskeskus.fi
www.expressbus.fi
www.ssvoy.fi
virtuaali.vayla.fi
sso.vayla.fi
extranet.vayla.fi
www.traficom.fi
extidpevaluointi.traficom.fi
extidptesti.traficom.fi
ikkuna.traficom.fi
paarautatieasema.fi
www.op.fi
www.suomenpankki.fi
www.hotelleriesuisse.ch

Config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2023_12_22_8pm.txt #threatintel

#NoName are targeting the UK again today… but it’s the same targets for the last four weeks.

I think it is state sponsored operation as they’re trying to meet targets and look busy.. they make even cyber hacktivism boring. I imagine David Brent is the office manager, doing an OKR dance.

#threatintel

#NoName DDoS target list today

www.vfgh.gv.at
www.ris.bka.gv.at
pa.eastcambs.gov.uk
politics.leics.gov.uk
www.a1.group
www.e-steiermark.com
www.liverpool.gov.uk
www.bmeia.gv.at
www.oesterreich.gv.at
www.oebag.gv.at
apa.at
www.cranbrooktowncouncil.gov.uk
www.wymetro.com
travelsouthyorkshire.com
mytsy.travelsouthyorkshire.com

Botnet config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2023_12_23_1pm.txt

#threatintel

#NoName DDoS targets for Xmas eve, mix of Sweden and Italy.

www.porto.trieste.it
port.taranto.it
www.sinfomar.it
www.norrtag.se
www.vasttrafik.se
login.vasttrafik.se
www.assosim.it
www.transportstyrelsen.se
www.digg.se
www.sjofartsverket.se
international.stockholm.se
goteborg.se
malmo.se
www.uppsala.se
www.orebro.se
www.vasteras.se
www.eskilstuna.se

Botnet config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2023_12_24_6pm.txt

#threatintel

#NoName DDoS targets on Xmas Day 🎄

Netherlands and Iceland, includes a bike shed.

over.gvb.nl
www.haestirettur.is
www.althingi.is
www.isavia.is
www.cert.is
www.ov-chipkaart.nl
login.ov-chipkaart.nl
www.ov-nl.nl
www.maa.nl
www.rijkswaterstaat.nl
www.bngbank.nl
www.snsbank.nl
mijn.belastingdienst.nl
services.belastingdienst.nl
bft-plein.bureauft.nl
9292.nl
www.macbike.nl
a-bike.nl
bikecity.nl

Botnet config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2023_12_25_4pm.txt

#NoName DDoS targets today will be in Lithuania

www.siauliai-airport.com
avia.lt
www.adrem.lt
www.linava.lt
autobusustotis.lt
www.vv.lt
elpako.lt
eismoinfo.lt
www.klaipedatransport.lt
www.kvt.lt
www.ollex.lt
nlbus.lt
www.veza.lt
lakd.lt
www.lietuvoskeliai.lt
www.bite.lt
mano.bite.lt
www.cgates.lt
tavo.cgates.lt
init.lt
sso.init.lt
www.balticum.lt
www.manobalticum.lt

Botnet config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2023_12_26_1pm.txt

#threatintel

If it helps anybody prepare for attacks like this, here's an example - init.lt is a telco in country, here's the attacker config.

The infrastructure is on prem.
#NoName don't have much bandwidth as Ddosia is small, what they rely on is webapps failing over under stress.

Each campaign NoName run has a unique ID - when they find an easily downable target, they save the target campaign details and rerun it in the future over and over again on different days to make themselves appear busy.

#NoName DDoS targets for today are in Czech Republic.

www.mfcr.cz
www.army.cz
aobp.cz
www.mpsv.cz
www.penize.cz
www.cssz.cz
mmr.gov.cz
www.kdpcr.cz
www.alv-cr.cz
www.egap.cz
www.kbp.cz
www.komora.cz
uohs.gov.cz
www.soud.cz
www.nku.cz
www.justice.cz
www.nkcr.cz

Botnet config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2023_12_27_10am.txt

#threatintel

#NoName will announce targeting of UK later today. Some new targets this time.

Targets:
pa.eastcambs.gov.uk
www.merlinscottassociates.co.uk
politics.leics.gov.uk
www.liverpool.gov.uk
www.britishchambers.org.uk
www.cranbrooktowncouncil.gov.uk
www.wymetro.com
my.swiftcard.org.uk
ukfinanceproducationb2c.b2clogin.com
www.moneyhelper.org.uk
www.northlinkferries.co.uk
www.justice.gov.uk
www.cbi.org.uk
www.scottishchambers.org.uk

Botnet config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2023_12_28_10am.txt

#threatintel

Does anybody have NCSC UK contacts who could give Cranbrook Town Council a heads up they need to hide their origin server?

They went behind Cloudflare as this is the 4th time, but they left their web server on Zen Internet exposed to everybody - so the attackers are still targeting that. It’s in the spreadsheet screenshot above.

#NoName DDoS targets today in Finland

www.kyberturvallisuuskeskus.fi
www.traficom.fi
extidpevaluointi.traficom.fi
extidptesti.traficom.fi
ikkuna.traficom.fi
extidp.traficom.fi
www.op.fi
www.suomenpankki.fi
www.tilastokeskus.fi
tem.fi
valtioneuvosto.fi
www.autotuojat.fi
intermin.fi
www.defmin.fi
helsinki.chamber.fi
www.wtc.fi
kauppakamari.fi
korkeinoikeus.fi
vnk.fi
arbitration.fi
paaomasijoittajat.fi

Botnet config: https://github.com/GossiTheDog/Monitoring/tree/main/NoName

#threatintel

#NoName DDoS targets today are Lithuania and Netherlands

www.adrem.lt
www.vv.lt
www.ov-chipkaart.nl
login.ov-chipkaart.nl
www.bngbank.nl
services.belastingdienst.nl
www.kvt.lt
9292.nl
a-bike.nl
www.lietuvoskeliai.lt
www.bite.lt
mano.bite.lt
www.cgates.lt
init.lt
www.balticum.lt
www.manobalticum.lt

Botnet config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2023_12_30_4pm.txt

#threatintel

#NoName last DDoS targets of the year, really low effort stuff - just reruns of old campaigns again, largely unsuccessful.

www.army.cz
www.liverpool.gov.uk
www.cranbrooktowncouncil.gov.uk
my.swiftcard.org.uk
ukfinanceproducationb2c.b2clogin.com
www.moneyhelper.org.uk
aobp.cz
www.kdpcr.cz
www.alv-cr.cz
www.egap.cz
www.kbp.cz
www.komora.cz
www.nku.cz
www.nkcr.cz
www.justice.gov.uk
www.cbi.org.uk

Botnet config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2023_12_31_3pm.txt

#NoName DDoS targets for today, which is another rerun on Finland.

www.hsl.fi
www.kyberturvallisuuskeskus.fi
virtuaali.vayla.fi
extranet.vayla.fi
www.traficom.fi
extidpevaluointi.traficom.fi
extidptesti.traficom.fi
ikkuna.traficom.fi
www.op.fi
www.suomenpankki.fi
www.tilastokeskus.fi
helsinki.chamber.fi
kauppakamari.fi
arbitration.fi
paaomasijoittajat.fi

Botnet config: https://github.com/GossiTheDog/Monitoring/tree/main/NoName

#NoName DDoS targets today.. Italy again, pretty lazy, same targets, not very successful again.

www.giorgiameloni.it
www.porto.trieste.it
port.taranto.it
www.sinfomar.it
amat.cloud.eleagol.it
www.sienamobilita.it
www.gtt.to.it
www.ctmcagliari.it
www.trentinotrasporti.it
telematicoprova.adm.gov.it
richiestamodifiche.adm.gov.it
iampe.adm.gov.it
telematico.adm.gov.it
www.consob.it
www.assosim.it
www.agcm.it

Botnet config: https://github.com/GossiTheDog/Monitoring/tree/main/NoName

#threatintel

#NoName DDoS targets in Poland today.

www.trentinotrasporti.it
www.skm.pkp.pl
epuap.gov.pl
ebok.gkpge.pl
metro.waw.pl
www.sejm.gov.pl
plusbank.pl
plusbank24.pl
www.pekao.com.pl
pfrventures.pl
www.pfrtfi.pl
www.rbinternational.com.pl
www.port.gdynia.pl
www.pkobp.sponsorpanel.pl
www.pekao-fs.com.pl
nbp.newamsterdam.pl
cert.pionier.gov.pl
kghm.com
polskieradio24.pl

Botnet config: https://github.com/GossiTheDog/Monitoring/tree/main/NoName

#threatintel

#NoName DDoS targets today.. Spain.

www.lamoncloa.gob.es
www.casareal.es
www.puertos.es
mpt.gob.es
www.isdefe.es
www.mjusticia.gob.es
www.tribunalconstitucional.es
sede.ine.gob.es
www.abanca.com
www.bancocooperativo.es
www.cajaruralgranada.es
www.grupocajarural.es
www.ine.es
www.metromadrid.es
www.metrovalencia.es
www.turgranada.es
metropolitanogranada.es
www.incibe.es
www.emtvalencia.es
www.transportepublico.es

Botnet config: https://github.com/GossiTheDog/Monitoring/tree/main/NoName

#threatintel

#NoName plan to announce attacks against banking in NATO countries and Ukraine later today, along with a few other 'hacktivist' groups.

They're starting with Ukraine, they will announce some of these.

Botnet config is long today: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2024_01_10_10am.txt

#threatintel

Some #NoName DDoS target changes on Ukraine banks.

Botnet config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2024_01_10_11am.txt

#threatintel

#NoName targets for today

www.adrem.lt
www.lietuvoskeliai.lt
www.bite.lt
mano.bite.lt
www.cgates.lt
init.lt
www.balticum.lt
www.manobalticum.lt
www.ld.lt
www.ergo.lt
www.compensa.lt
www.if.lt
www.bta.lt
www.gjensidige.lt
www.pzu.lt
lrkt.lt
www.lvat.lt
www.nksc.lt
www.tietoevry.com

Botnet config: https://github.com/GossiTheDog/Monitoring/tree/main/NoName

#threatintel

#NoName targets for today are all in Latvia - whose gov protect the host of the C2 server that is hardcoded into binaries (94.140.115.89)

myyk.inges.ee
tenders.blrt.ee
pasts.lv
www.evr.ee
marketplace.e-resident.gov.ee
www.saeima.lv
epp.energia.ee
www.mk.gov.lv
cert.lv
express.pasts.lv
www.tallinn.ee
www.nordica.ee
saraksti.rigassatiksme.lv
www.autoosta.lv
nasdaqbaltic.com
www.citadele.lv
www.rietumu.com
www.edoks.lv
www.mnt.ee
pilet.ee
www.ecaa.ee
company.inbox.lv
www.chamber.lv

#threatintel

#NoName targets for today - mix of Germany and Finland.

www.bzst.de
e-accounting.talanx.com
www.hamburger-feuerkasse.de
www.kyberturvallisuuskeskus.fi
www.mvg.de
www.rmv.de
www.vgn.de
www.balm.bund.de
www.op.fi
www.suomenpankki.fi
www.dortmund.de
www.bremen.de
www.rostock.de
www.bielefeld.de
kauppakamari.fi
energia.fi
www.tek.fi
oikeus.fi
www.kuntaliitto.fi
www.kuluttajariita.fi

Botnet config, 329 lines: https://github.com/GossiTheDog/Monitoring/tree/main/NoName

#threatintel

Yesterday's #NoName targets - Ukraine and Lithuania

www.mtb.ua
accordbank.com.ua
www.adrem.lt
credit-agricole.ua
online.credit-agricole.ua
corpexpreprod.credit-agricole.ua
capluspro.credit-agricole.ua
premium.credit-agricole.ua
cabinet.credit-agricole.ua
www.pravex.com.ua
online.pravex.ua
www.lietuvoskeliai.lt
www.bite.lt
mano.bite.lt
www.cgates.lt
init.lt
www.balticum.lt
www.compensa.lt
www.if.lt
www.bta.lt

Botnet config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2024_01_14_3pm.txt

#threatintel

Today's #NoName targets - United Kingdom, Germany and France.

Botnet config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2024_01_15_2pm.txt

#threatintel

#NoName have added www.bundesfinanzministerium.de to their target list. It didn't take the site offline.

Config: https://github.com/GossiTheDog/Monitoring/blob/main/NoName/targets_2024_01_15_3pm.txt

#threatintel