The pro-Russian hacker group NoName057(16) is recruiting participants for DDoS attacks against government websites across Europe under the guise of a “patriotic online game.” Attempts by Western law enforcement agencies to shut down the group have failed, and the hackers’ activity has only increased, according to a recent investigation by the independent media project Vot Tak and research group RKS.Global.
The investigation analyzed configurations — commands with attack parameters — that the organizers sent to connected devices from 2023 to 2026. They found that before July 2025, the hackers sent an average of around 6,300 attack commands per month. After that, the monthly average rose to 7,708. On average, about 300 attacks a month were successful, leaving websites temporarily unavailable to users.
From July 14 to 17, 2025, law enforcement agencies from Switzerland, the United States, and several EU countries carried out a large-scale operation in which they seized more than 100 of the group’s servers, conducted 24 searches, questioned 13 people, and issued seven arrest warrants. More than 1,000 others also received police warnings about liability for cybercrimes. Nevertheless, the attacks resumed within days — and even became more frequent, suggesting the law enforcement operation failed.
The targets included companies, banks, and government institutions in Western countries. In November 2025, websites belonging to several Danish government agencies, political parties, and media outlets were hit at once. As a result, local elections in Denmark came under threat: organizers stocked up on generators and flashlights, fearing power outages, though the situation did not go that far.
The attacks are carried out using a special program called DDoSia, which the group’s volunteer helpers install on their devices. The software generates hundreds of automated requests a day. For each request, a user can receive a reward in the project’s internal game currency, called decoins, which can then be exchanged for the TON cryptocurrency and later converted into real money through third-party apps. For example, a user can receive 50 decoins for 500,000 successful attacks in a day. One decoin is worth around 2.4 cents, and a single device infected with DDoSia can make up to several million requests a day, posing a serious threat to websites. The app is advertised on Telegram channels with offers to earn money in a “hacker online game” while “helping Russia on the information front.”
Europol believes the app’s developers and the group’s coordinators are two Russians: 39-year-old Mikhail Burlakov and 36-year-old Maxim Lupin. According to leaked data, both live in Moscow. Lupin heads the Center for the Study and Network Monitoring of the Youth Environment, known as TsISM, while Burlakov is his deputy. In that capacity, Lupin has taken part in meetings of the Presidential Council and a State Council commission, as well as the Congress of Young Scientists, which Vladimir Putin also attended.
