NoName Ransomware Gang Hits Multiple German Government Ministries

Date:

April 11, 2023

World map

The pro-Russian NoName ransomware group, known to launch attacks in retaliation for sanctions imposed against Russia, has claimed attacks against multiple German government ministries, including:

  • Germany’s Federal Central Tax  
  • Federal Constitutional Court  
  • Federal Intelligence Service  
  • Federal Officer for the Protection of the Constitution  
  • Federal Supreme Court  
  • Supreme Court of Labour Disputes  
  • Ministry of Foreign Affairs  
  • Federal Ministry of Transport and Digital Infrastructure

“At the time of writing, most of the listed German websites were not accessible. The website (sic) were failing to load and displaying ‘this site can’t be reached’ message without any error code,” the Cyber Express reported.

Takeaway: There is a great deal of overlap between Russian nation-state operations and those of Russian cybercriminal syndicates. These ransomware operators openly share intelligence with the Russian government, and at times they appear to be heavily influenced by - or even under the direct control of - the Russian government, as evidenced by attacks like this in Germany.

Russia exploits the "fog of ransomware attacks" to further their geopolitical agenda while enjoying a level of plausible deniability in their making espionage and disruptive ransomware attacks appear to be criminally motivated. This is why these well-known Russian ransomware gangs are able to launch attacks against Western targets without fear of any consequences.  

There is the exception where cracking down on some low-level players for the sake of the media serves the Russian government’s larger strategy, as we saw with the arrests of several REvil members in early 2022. But you can be assured that Russian authorities did not make the arrest out of concern about illegal operations – it was likely just a PR ploy.

We also saw that Russian ransomware gang activity took a noticeable dip at the beginning of the conflict in Ukraine, which is a pretty clear indication that many of the Russian ransomware operators are heavily influences or directly controlled by the Russian government and were likely redirected to support the war effort.

It should come as no surprise that the NoName group has also been observed targeting Ukraine, where reports estimate that cyberattacks have tripled in the past year.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.