Hackers Targeting the Czech Republic and Ukraine: Divided Goals

In a series of massive DDoS attacks that disrupted numerous domestic servers on Tuesday, cyber security firm Check Point has warned that pro-Russian hacker groups continued their assaults to a lesser extent on Wednesday. These groups operate with a high level of organization and have specific targets assigned to them.

According to Peter Kovalčík, a security expert at Check Point, the Russian hacktivist group NoName057(16) has once again focused on the Czech Republic, mainly targeting the websites of significant state institutions. Users may experience unavailability issues with websites such as the Office of the Government, Senate, Chamber of Deputies, Ministry of Foreign Affairs, Czech Police, Land Fund of the Czech Republic, Czech Financial Administration, and the Prague Public Transit Company, as well as the Prague Airport.

Unlike Tuesday, when the attacked websites were unavailable for several hours, on Wednesday, people in the Czech Republic only sporadically experienced disruptions on the affected websites.

The attacks in Europe and Ukraine are not limited to NoName057(16). Another significant pro-Russian group, Killnet, actively launches attacks across the continent, while the Cyber Army of Russia primarily focuses on Ukraine. One recent target of the Cyber Army of Russia was the Ukrainian cable manufacturer Cablex. These attacks are coordinated.

Security experts have been closely monitoring the activities of these hacker groups against countries that either support Ukraine or express non-pro-Russian viewpoints.

As hacktivist groups attempt to exploit cyberspace as an additional battleground, organizations must exercise extreme caution and employ the best security solutions and preventive measures. Similar attacks are expected to increase in frequency.

The recent massive DDoS attacks in the Czech Republic were directly linked to the International Crimean Platform Summit. Avast, an antivirus company that extensively analyzed the cyber onslaught, reported that the attacks were carried out through a voluntary platform called DDosia, a botnet managed by members of the pro-Russian group NoName057(16). These hackers boasted about their achievements on Telegram.

Pavel Klimeš from Gen Digital, the parent company of Avast, stated that NoName057(16) has been targeting countries supporting Ukraine since the beginning of the conflict. Initially, they attacked the websites of news servers reporting on Russia’s aggression in Ukraine. Subsequently, they expanded their targets to include companies, state institutions, and European organizations that expressed support for Ukraine.

The group’s activities are not limited to cyberattacks. At the end of August, they targeted most Czech banks, including Komerční banka, Air Bank, Fio Banka, ČSOB, and Česká spořitelna, causing significant disruptions to their online services.

Among the websites rendered inaccessible due to the attacks on Tuesday were crimea-platform.org (International Crimean Platform), ppu.gov.ua (Ukrainian President’s Mission to the Autonomous Republic of Crimea), pspen.psp.cz (Chamber of Deputies of the Czech Republic), www.coi.cz (Czech Trade Inspection), www.prg.aero (Prague Airport), www.dpp.cz (Prague Public Transit Company), www.marketaadamova.cz (Chairwoman of the Chamber of Deputies of the Czech Republic), www.mvcr.cz (Ministry of the Interior of the Czech Republic), www.mzv.cz (Ministry of Foreign Affairs), www.policie.cz (Czech Police), www.senat.cz (Senate of the Czech Republic), and www.vlada.cz (Government Office of the Czech Republic).

Security experts have warned that the strength of these groups is growing, and they have begun targeting more sensitive institutions with significant media impact. A successful attack can damage the reputation of the targeted institution and result in substantial financial losses, especially when their online financial services are unavailable. However, most disruptions typically last only a few hours as administrators of the attacked servers efficiently resolve the issues.

While the institutions’ data are not at risk during DDoS attacks, the overwhelming number of requests directed at their servers temporarily renders the websites inaccessible to most visitors.

The National Cyber and Information Security Agency (NCISA) has repeatedly warned about the rise in cyber attacks, including DDoS attacks. In August and September, the number of incidents detected in the Czech Republic was above average. While only 13 incidents were registered in July, the numbers increased to 27 in August and 21 in September.

With the increasing frequency of cybernetic attacks, organizations must remain vigilant and implement robust security measures and preventive defenses.