NoName ransomware group has allegedly targeted multiple Ukrainian government websites. The latest victims of the alleged NoName ransomware attack on Ukraine include Accordbank, Zaporizhzhya Titanium-Magnesium Plant, State Tax Service, Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service in Kyiv.

The Cyber Express tried to verify the claims made by the threat actor and found the website of Zaporizhzhya Titanium-Magnesium Plant operational at the moment. The latter websites listed by the NoName ransomware group faced disruptions and connectivity issues displaying “403 forbidden” and other error messages.

NoName Ransomware Attack on Ukraine

The NoName ransomware group has posted a list of their latest DDoS attack victims on their dark web leak portal. Screenshots of the dark web post were shared on Twitter. The message on the screenshot taken from the dark web reads, “We continue to nightmare Ukrainian sites (evil emoji)”.

The websites for Ukraine’s State Tax Service, Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service, displayed bad gateway and error messages on each of the websites.

The websites of the Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service are linked to the main website of Ukraine’s State Tax Service.

Hence, it seems that the NoName ransomware attack on Ukraine’s State Tax Service has also impacted the other linked websites.

The website of Ukraine’s Accordbank displayed a “403 Forbidden” error message. Here is a screenshot of the same.

The website of the Ukrainian State Tax Service displayed a message, “This site can’t be reached. tax.gov.ua took too long to respond”. A screenshot of the same is attached below.

The websites of the Central Interregional Tax Administration, and the Main Directorate of the State Tax Service in Kyiv also displayed the same error message as the Ukrainian State Tax Service website.

Incidents Similar to NoName Ransomware Attack on Ukraine

Since the war between Russia and Ukraine broke out, several hacktivist groups from both sides have been found targeting each other. These hacker groups are either backed by government agencies or commit cybercrimes as an act of patriotism towards their nation.

Prior to the NoName ransomware attack on Ukraine, the hacker collective has also launched cyberattacks on multiple Finnish government websites. The group wrote on the dark web, “Finland continues to receive our New Year’s gifts (evil smile emoji)”.

From what we could understand, it was an attempt to disrupt the critical infrastructure of Finland and cause havoc for the Finnish citizens. All the victims of NoName DDoS attacks on Finland were government organizations related to transport facilities.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Related