NoName Ransomware Targets Spanish And German Institutions

The Cyber Express team attempted to verify these claims by reaching out to the allegedly implicated organizations.

by Samiksha Jain May 31st, 2024

Share on LinkedInShare on Twitter

The NoName ransomware group has claimed responsibility for a series of cyberattacks targeting key institutions in Spain and Germany. The group’s latest alleged victims include the Royal Household of Spain, Corts Valencianes, and the Government of the Principality of Asturias, as well as German entities such as Energie Baden-Württemberg AG, Leistritz AG, and Aareal Bank AG.

In a message posted on a dark web forum, NoName declared, “We continue attack on the Spanish internet infrastructure and destroy the state websites of Russophobic authorities.”

Source: X

Source: X

Similarly, they stated regarding Germany, “We continue to punish Germany and destroy several websites of this Russophobic country.” These statements underscore the group’s purported motive of targeting entities they deem as “Russophobic.”

Source: X

Source: X

Despite these bold claims, the NoName group has not provided concrete evidence or detailed context regarding the nature and impact of these alleged cyberattacks. The Cyber Express team attempted to verify these claims by reaching out to the allegedly implicated organizations.

As of the writing of this report, no responses have been received from the officials of the alleged target companies, leaving the claims unverified.

Upon accessing the official websites of the listed Spanish and German companies, no disruptions or signs of cyberattack were observed, as the websites were fully functional. This raises questions about the veracity of NoName’s claims and the potential for misinformation as a tactic in their cyber operations.

Historical Context of NoName Ransomware Cyber Activities

This isn’t the first instance of NoName targeting prominent organizations. In April 2024, the group allegedly launched a cyberattack on Moldova, affecting key government websites such as the Presidency, Ministry of Foreign Affairs, Ministry of Internal Affairs, and the State Registry.

These websites were rendered inaccessible, displaying the message, “This Site Can’t be Reached.” The attack hinted at a politically motivated agenda, though NoName did not explicitly disclose their motives.

In March 2024, NoName targeted multiple websites in Denmark, including significant entities like Movia, Din Offentlige Transport, the Ministry of Transport, Copenhagen Airports, and Danish Shipping. Similarly, in January 2024, the group attacked high-profile websites in the Netherlands, including OV-chipkaart, the Municipality of Vlaardingen, the Dutch Tax Office (Belastingdienst), and GVB.

More recently, NoName’s cyber onslaught on Finland raised further alarms. Finnish government organizations, including Traficom, the National Cyber Security Centre Finland (NCSC-FI), The Railways, and the Agency for Regulation and Development of Transport and Communications Infrastructure, faced temporary inaccessibility due to DDoS attacks.

Implications and the Need for Vigilance

The sophistication and scale of NoName ransomware operations, combined with their apparent political motives, highlight the urgent need for enhanced cybersecurity measures and international cooperation. The rising frequency of cyberattacks targeting governmental institutions across Europe demands a coordinated response from both national and international cybersecurity agencies.

If NoName’s recent claims about targeting Spain and Germany are proven true, the implications could be far-reaching. Cyberattacks on such critical institutions could disrupt governmental functions, compromise sensitive data, and undermine public trust. However, any definitive conclusions must await official statements from the allegedly targeted companies in Spain and Germany.

The alleged ongoing cyberattacks by NoName ransomware serve as a reminder of the persistent and evolving threat landscape. As the investigation continues, the cybersecurity community must remain vigilant and proactive in protecting digital infrastructure from such malicious actors.


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button