The Spanish authorities have arrested three individuals for using DDoSia, a distributed denial of service platform operated by pro-Russian hacktivists, to conduct DDoS attacks against governments and organizations in NATO countries.
The arrests were made in the suspects’ homes in Seville, Huelva, and Manacor. The police also confiscated various computer equipment and documents of interest to be used in the ensuing investigations.
The reported arrests do not seem to have deterred the group, as the hacktivist group continued to conduct DDoS attacks against targets in the EU on Monday morning.
Spanish law enforcement shared the following video of their seizure of devices during the arrests.
‘DDoSia’ attacks
An announcement by Spain’s Ministry of Interior mentions that the three detainees were participating in the DDoSia project, a software platform used to launch DDoS attacks that was developed and operated directly by NoName057.
“The particularity of the cyber attacks carried out by NoName057 (16) is that they are made using software developed by the group itself, software dubbed “DDoSia,” which is used voluntarily by individuals who support the purposes of this hacktivist organization,” says Spain’s Ministerio Del Interior.
DDoSia was launched in August 2022 as a new platform that uses volunteers’ bandwidth to perform crowdsourced DDoS attacks against organizations supporting Ukraine.
The project paid top contributors money in exchange for them generating large amounts of traffic directed at targets designated by the NoName057 hacktivist group.
DDoSia was the source of notable DDoS attacks against government organizations in Poland and Switzerland, causing service outages and access problems.
In June 2023, cybersecurity firm Sekoia reported that the DDoSia platform had achieved a massive 2,400% growth, counting over 13,000 users on its Telegram channel.
The firm’s analysis of 486 DDoSia attack waves between May 8 and June 26, 2023, showed that the platform had targeted organizations in over 24 countries, mainly Lithuania, Ukraine, Poland, and Italy.
The Spanish investigators said they are working towards identifying other participants in the DDoSia attacks.
The public may perceive these so-called hacktivists as a lesser threat. However, DDoS attacks have proven to be highly disruptive to organizations as they have been shown to take down login portals, administrative consoles, and websites.
Last summer, Microsoft admitted that a multi-day outage to the web portals of Azure, Outlook, and OneDrive was caused by DDoS attacks launched by the hacktivist group Anonymous Sudan (Storm-1359).
The threat actors even attempted to monetize the DDoS attack, demanding that Microsoft pay them $1,000,000 to stop.