Recorded Future
Analysis of NoName057(16) DDoS Operations
Pages
32
Time to read
35 mins
Publication
Language
English
This technical report details the activities of the pro-Russian hacktivist group NoName057(16), which has targeted over 3,700 unique hosts, primarily government and public-sector entities in European nations opposing Russia's invasion of Ukraine, from July 2024 to July 2025. The report outlines the group's operational structure, including a multi-tiered infrastructure with rapidly rotated command-and-control servers. It highlights the group's high operational tempo, averaging 50 unique targets daily, and discusses the geopolitical context influencing their activities. The report also presents findings from a technical analysis of the DDoSia tool used by NoName057(16) for conducting application-layer DDoS attacks. Additionally, it covers the implications of Operation Eastwood, an international law enforcement operation aimed at disrupting the group's activities. The report emphasizes the need for organizations to adopt layered DDoS protection strategies and maintain situational awareness to counter such threats effectively.