Pro-Russian hacker group targets over 50 Dutch websites in coordinated attack

A pro-Russian hacker group, NoName057(16), has launched a large-scale cyberattack on over 50 Dutch websites this week, marking the largest such attack on the Netherlands in two years. The National Cyber Security Centre (NCSC) is actively monitoring the situation, according to an analysis by NOS.

The attacks began on Monday and primarily targeted municipal and provincial websites, including those of the cities of Apeldoorn, Nijmegen, Breda, and Tilburg, which were temporarily unavailable. By mid-week, more than 50 additional websites had been targeted. These included sites related to transport companies, such as GVB (serving the Amsterdam area) and Arriva (operating mainly in northern and eastern Netherlands), as well as the newspaper NRC, which also experienced downtime.

The hacker group, which emerged shortly after Russia's invasion of Ukraine in 2022, has previously attacked private companies, especially those supplying the defense industry, and logistics firms within NATO member states. This is the first time in nearly a year that NoName057(16) has focused its efforts on the Netherlands. The group cited the Dutch government’s support for Ukraine, amounting to 3.5 billion euros, as the reason for the cyberattacks.

The attacks are categorized as Distributed Denial-of-Service (DDoS) attacks, where websites are flooded with massive amounts of data traffic, causing them to become inaccessible or slow to load for legitimate users. These types of attacks do not involve hacking into websites or stealing data.

Amaury Garçon, a French cybersecurity researcher tracking NoName057(16), stated that the group’s DDoS attacks aim to generate one-time media attention, rather than to cause permanent damage to the targeted websites. “They look for opportunities to target a specific country on a particular day,” he explained to NOS. “The goal is to have people talk about them and capitalize on the news cycle.”

The group frequently shares images of its successful media outreach on its Telegram channel, showcasing their targets and the attention they have garnered.

The NCSC has described NoName057(16) as a “Russian actor” and noted that the group appears to be driven by a pro-Russian ideological agenda. The cybersecurity center also emphasized that, while the group’s attacks are usually small in scale, they are seen as a form of "digital prank calling." However, larger-scale DDoS attacks can be a serious tool in the cyber arsenal of state actors or criminal organizations targeting Dutch entities.

The targeted provinces in the recent attacks included Drenthe, Groningen, Noord Brabant, Noord Holland, and Overijssel. Despite the symbolic nature of these attacks, the NCSC warns that they could escalate, posing a threat to national security and digital infrastructure.