For the past 24 hours, Swiss government and infrastructure websites have been crippled by a series of distributed denial-of-service (DDoS) attacks, claimed by a pro-Russian hacking group known as ‘NoName057(16)‘. The ongoing attacks are occurring just days ahead of a scheduled video address to the Swiss Parliament by Ukrainian President, Volodymyr Zelensky.

DDoS attacks function by overwhelming a site’s bandwidth with a massive amount of internet traffic, effectively preventing users from accessing the site. More Info from Cloudflare

The NCSC (Switzerland’s National Cyber Security Center), which is analyzing the attacks and planning appropriate countermeasures, confirmed the involvement of the NoName hacking group. However, despite such framing in other news media, the NCSC does not connect the incident to Zelensky’s upcoming address, scheduled for 15 June.

In their February-September 2022 Cyber Warfare Report, GroupSense identified NoName as emergent in March 2022. It considers them one of the most active groups specializing in “media intimidation”-related interventions in favor of Russian policy.

The attacks seem to have started been conceived on the 7th of June. On that day, members of the NoNameDDosia Project” team began discussing efforts in the Swiss Senate to approve weapons export exceptions for Ukraine. DDosia Project is a publicly available chat server, wherein users can submit links and a rationale for websites they deem to be “Russophobic.” Once a consensus is drawn, the work begins.

The attacks began on 12 June: The Russian National Holiday. They were announced with the following, extreme, nationalistic statement:

In another holiday post, they also accused Zelensky of being a so-called Bandera member when thanking Switzerland for joining in on the most recent package of EU sanctions.

As of the evening of June 13, the targets have included: Swiss Ministry of Justice and Police, Swiss Federal Office for Customs and Border Security, Swiss Federal Police Office, Ministry of the Interior, Südostbahn Railway Company (SOB), Swiss Post, Armed Forces of Switzerland, Bern Regional Airport, Grenchen Airport, Geneva International Airport, Samedan Airport, Heliswiss AG (a hellicopter airline), and Zimex Aviation.

A proof of work provided by NoName

Most of the websites are working, again, though with some downtime. The NCSC is not only analyzing the attacks, but also actively working to restore accessibility to the websites and services impacted as quickly as possible.

The attacks are still ongoing. Since the attacks have begun, the group has also claimed credit for DDoS events in Iceland. As of 2020 Central European Time, the website of Iceland’s Supreme Court is still unreachable.