They claim to want to “revenge” Russia for European nations and their support for Ukraine. Hackers from the pro-Moscow group NoName057 (16) are in the crosshairs of the authorities of many European nations. Since March 2022, the date of its creation in the wake of the Russian invasion of Ukraine, the collective has carried out multiple destabilization operations on the Old Continent by attacking dozens of private and public infrastructures. During this holiday season, the group is resurfacing in France: it has just claimed responsibility for the cyberattack that hit La Poste on Monday December 22, slowing down several of its services. Two days later, the group was still affected by the problem this Wednesday.
A pro-Russia group opposed to countries supporting kyiv
The investigation into the incident, entrusted to the General Directorate of Internal Security (DGSI), will have to determine the real responsibility of NoName057 (16) in this matter. Nothing proves at the moment that the collective is indeed at the origin of the disruption of the company: many pirate organizations actually have the habit of claiming actions that they have not necessarily committed as an opportunity. “All their demands are accompanied by outrageous pro-Russian propaganda on their Telegram channel,” notes ethical hacker Clément Domingo, known under the pseudonym SaxX on social networks, on his X account.
But, beyond this episode, the group has already been talked about on numerous occasions in France. In 2023, cybersecurity experts notably showed that NoName057 had carried out an attack against the National Assembly website. Without serious consequences on the functioning of Parliament, this hack still took the Lower House’s web portal offline for several hours. On its channels, pro-Russian hackers took the opportunity to unfold the usual Kremlin narrative. “We decided to repeat our recent trip to France, where the protests against Macron, who has decided not to care about the French and continues to serve Ukrainian neo-Nazis, are not calming down,” they then launched on their Telegram channel.
Elsewhere in Europe, NoName057 (16) figures to be one of the main groups of pro-Russian hackers threatening their businesses and administrations. In November, he attempted to disrupt the smooth running of municipal and regional elections in Denmark, targeting the websites of several political parties, municipalities, public broadcasting and even a company linked to the defense sector. Sweden, Switzerland, Germany, Italy… The group relentlessly targets countries displaying their support for kyiv, during operations resulting in more or less success. He also tried to hinder the NATO summit in The Hague (Netherlands), which took place last June in the presence of Donald Trump, Emmanuel Macron and Friedrich Merz.
Distributed denial of service attacks
Its method is often the same: deploy distributed denial of service (DDoS) attacks. La Poste would have been affected by this type of incident, which reinforces suspicions regarding NoName057 (16) in this case. The principle of this process? Multiply the requests on the server of an infrastructure, until it saturates and causes it to break down. In practice, hackers can use a botneta network of hacked devices, to be able to launch hundreds of requests on the targeted sites. Not necessarily very complex, these malicious operations mainly allow cybercriminals to temporarily disrupt computer systems, rather than recover sensitive data.
Although NoName057 (16) remains active today, the European criminal police and judicial cooperation agencies, Europol and Eurojust, nevertheless announced its dismantling last summer. “During a day of action on July 15, the botnetwhich used hundreds of servers around the world, was dismantled and several suspects were identified, including the main instigators residing in the Russian Federation,” these organizations explained. Two people were arrested as part of this investigation in France and Spain.
According to the authorities, the pro-Russian hackers relied in particular on software available to everyone via encrypted messaging systems. Its users, estimated at “more than 4,000” according to figures from the Paris prosecutor’s office, could then help them carry out their attacks. Thus, “more than 74,000 attacks” of this type against “4,900 victims” had been recorded around the world between 2023 and July 2025. “France was the target of more than 2,200 attacks, which affected more than 200 companies and public institutions,” the same source specified at the time in a press release.
