This is behind the massive pro-Russian cyber-attacks against Switzerland

Server overload attacks on Swiss targets continued unabated on Tuesday. Behind the DDoS attacks is a pro-Russian online collective called “NoName057(16)”. Members exchange information via the Telegram messaging service.

Who are the attackers targeting?

The DDoS attacks launched last week intensified on Monday, targeting federal government servers in particular.

More server overload attacks followed on Tuesday, including at airports across the country. For example against the website of the regional airport Grenchen SO. But the servers at Geneva International Airport were temporarily brought to their knees by the mass of requests.

The unknown criminals celebrated their allegedly resounding success with several posts on the Telegram channel. They dedicated images with a bear – the symbolic animal of Russia – to the successfully “shot down” targets.

The Swiss Army website at vgt.admin.ch was temporarily unavailable Tuesday morning. In the afternoon the website was normally accessible again.

The website of Engadin Airport, which suffered from malfunctions on Tuesday morning, was also accessible again as normal on Tuesday afternoon. Those interested in aviation made the same comment in eastern Switzerland.

At Telegram, the attackers link to the online service check-host.net. The “Down Time” of the website can be seen on the corresponding statistics pages for the individual Internet addresses (such as vgt.admin.ch).

How dangerous are these DDoS attacks?

These are not attacks by hackers in which secured IT networks are penetrated in a technically advanced manner in order to steal data or damage systems. DDoS attacks are something like cyber attacks. You could also say: a lot of smoke, little fire.

However, the damage caused by the offline time of websites and online services, which sometimes lasts for hours, should not be underestimated.

Why is Switzerland under attack?

In another Telegram channel, a manifesto of the group “NoName057(16)” published last year can be found, to which it still refers. It is aimed at voluntary donors.

Why are mass attacks expected again on Thursday?

Regarding the video broadcast of a speech by Ukrainian President Volodymyr Zelenskyy in the National Council Chamber on Thursday, the Federal Government’s National Center for Cybersecurity, or NCSC for short, said parliamentary services will do everything possible to ensure that everything went smoothly. For security reasons, there is no specific information about the measures, reports Keystone-SDA.

Who are the attackers and what are they getting out of it?

Judging by the posts in the relevant Telegram groups, these are Russian-speaking users. However, the self-proclaimed Russian patriots seem to be getting some encouragement from Western countries. Whether from Western Europe or North America.

In fact, even the most active DDoS fighters can look forward to financial compensationas we shall soon see.

At Telegram, the so-called “DDosia Project” apparently a volunteer project to use special software to help the pro-Russian hacktivist team carry out cyber attacks. There’s even online support to help newbies.

The fact is: With a certain basic technical knowledge or IT knowledge, it is possible for people all over the world to participate in the DDoS attacks. All you have to do is download and install software from Telegram and use a so-called VPN service to disguise your own internet address. You can then participate in the automated attacks at the touch of a button.

Anyone who wants to use the DDosia project’s software to participate in attacks must create a cryptocurrency account and log in to a specific server. In fact, the most active fighters can also receive financial compensation for their efforts. An explanatory article in the Russian language states:

PS: Telegram showed on Tuesday afternoon that the pro-Russian hacktivists are targeting another European country: the website of the Icelandic parliament was no longer accessible.

Sources

About the history: