Pro-Russian Hacker Group Gamifies Cyberattacks on Europe With Crypto Rewards – Investigation - The Moscow Times
www.themoscowtimes.com
A pro-Russian hacker group accused by European authorities of carrying out cyberattacks against governments, banks and infrastructure across the West has turned participation in cybercrime into what it calls a “patriotic online game,” recruiting volunteers through Telegram and rewarding them with cryptocurrency.

A pro-Russian hacker group accused by European authorities of carrying out cyberattacks against governments, banks and infrastructure across the West has turned participation in cybercrime into what it calls a “patriotic online game,” recruiting volunteers through Telegram and rewarding them with cryptocurrency.

The group, NoName057(16), has claimed responsibility for waves of distributed denial-of-service (DDoS) attacks on public institutions and private companies across Europe since Russia’s full-scale invasion of Ukraine in 2022. Western intelligence agencies and Europol say the hackers function as part of Russia’s broader hybrid war against countries supporting Kyiv.

An investigation by the Poland-based news outlet Vot Tak, conducted with cybersecurity experts from RKS.Global, found that the group’s activity has not diminished despite a major Europol-led crackdown in July 2025 known as Operation Eastwood.

One of the group’s most visible campaigns came during Denmark’s municipal elections in November 2025. Fearing disruptions, local authorities installed backup generators, printed paper voter lists and bought camping lanterns for polling stations in case of outages.

The precautions followed waves of cyberattacks that temporarily disrupted Danish government websites, political parties, municipal administrations, police services, railway operators and a defense company.

Responsibility was claimed by NoName057(16), which had warned in a private channel days earlier that Denmark would be its next target.

Initially focused on Ukrainian media and government websites, it later expanded across Europe and beyond, targeting countries that support Kyiv, including the U.S., Canada, Israel and Taiwan.

The group’s operations rely on software called DDoSia, which experts say is simple enough for non-specialists to install.

RKS.Global researchers downloaded and analyzed the program for Vot Tak. Available for Windows, Linux, macOS and Android, it can be installed on phones, computers and even routers.

Once installed, the software effectively turns the device into a participant in cybercrime.

Users do not choose targets themselves. NoName057(16) administrators send attack configurations from rented control servers, specifying which domains or IP addresses should be hit. After receiving those instructions, the infected device automatically begins generating traffic against the selected targets.

Web Archive link