In a politically motivated cyberattack campaign tied to the upcoming Austrian elections, pro-Russian hacker groups NoName057(16) and OverFlame have launched a series of distributed denial-of-service (DDoS) attacks on critical Austrian infrastructure. The attack spree, which began on September 16, has disrupted government websites, financial institutions, airports, and the Vienna Stock Exchange.
According to a threat advisory from Radware, the hackers are exploiting the ongoing tensions stemming from the Russia-Ukraine conflict, although NoName057 claims that the attacks are part of a test on Austria's cybersecurity readiness ahead of the elections. “We decided to visit Austria again to check on cybersecurity ahead of the upcoming elections,” the group stated on its Telegram channel.
This campaign has so far targeted over 40 organizations and institutions, including high-profile entities such as Wiener Borse, the country's stock exchange. The attacks coincide with Austria’s national elections scheduled for September 29, where polls suggest a lead by the far-right Freedom Party of Austria (FPÖ), expected to win 27% of the vote. The timing suggests that the attacks may be designed to sow distrust in the nation’s digital infrastructure just before voters head to the polls.
Who Are the Hackers?
NoName057(16) is a well-known pro-Russian hacktivist group that has previously carried out cyberattacks on Ukrainian, American, and European government agencies and private companies. Their attacks typically align with Russia’s geopolitical objectives, particularly targeting nations that support Ukraine. They have over two years of experience, using their well-organized network to conduct a variety of cyberattacks ranging from defacements to DDoS.
Meanwhile, OverFlame, a lesser-known but emerging hacktivist group, has specialized in attacks on government institutions and corporations in Europe and North America. While both groups have a history of using DDoS attacks, their collaboration in this campaign underscores the rising trend of like-minded cyber actors forming alliances to amplify the impact of their efforts.
Attack Methods and Tools
The hackers behind these attacks are employing sophisticated DDoS techniques, including highly evasive HTTPS flood attacks that are difficult to detect and mitigate. NoName057, in particular, has been leveraging Project DDOSIA, a crowdsourced botnet that enlists politically motivated individuals to install malware on their computers, turning them into part of a larger attack network. Contributors to this botnet receive financial rewards based on the success of their attacks, incentivizing participation in these politically charged cyber offensives.
This hybrid of hacktivism and financial incentive has allowed the attackers to scale their operations effectively, posing a significant challenge for Austrian cybersecurity teams attempting to quell the ongoing assault.
Political and Security Implications
This wave of attacks has raised concerns about the broader implications of politically motivated cyber operations, particularly as Austria heads into a critical election. As polling stations prepare to open, there is increasing anxiety that these disruptions could undermine voter confidence and create doubts about the security of the country’s digital and electoral infrastructure.
Security experts, including those at Radware, warn that this campaign may not be isolated and could inspire further attacks as elections near in other European nations. The growing sophistication and evasiveness of the techniques used by NoName057 and OverFlame highlight a new phase in cyber warfare—one where nation-state actors, aligned with or operating under the cover of hacktivist groups, target democratic processes and institutions through the digital sphere.
As Austria races to mitigate the damage from these attacks, it serves as a sobering reminder of the ever-evolving landscape of political cyber threats.
댓글