Pro-Russia hackers aim DDoS campaign at Austrian websites ahead of elections

Pro-Russia hacker groups have claimed responsibility for disrupting dozens of Austrian websites ahead of the country's general election later this month. 

The groups, known as NoName057(16) and OverFlame, said they launched distributed denial-of-service (DDoS) attacks on websites for the Austrian government, airports, financial services entities and a stock exchange. 

Researchers at the cybersecurity firm Radware reported that the campaign began early last week and is still ongoing. The incidents have not caused any long-term damage to their targets. DDoS campaigns attempt to overload websites with junk traffic and cause outages. 

In total, the hackers have targeted over 40 entities, Radware said. Local media and several of the affected organizations have confirmed some of the attacks claimed by the hackers.

On September 29, Austrian citizens will elect members of the 28th National Council, the lower house of the country's parliament.

Two of Austria’s political parties — OVP and SPO — reported that their websites were temporarily unavailable recently due to DDoS attacks.

Was passiert am Montag um 21:05 Uhr? Seitdem wir gestern diese Frage gestellt haben, ist unsere Website Ziel von Angriffen. Daher ist die Website zwischenzeitlich nicht erreichbar. Aber keine Sorge, schaut heute um 21:05 Uhr auf unsere Kanäle und auf https://t.co/Ce47oyVF7Q.

— SPÖ (@SPOE_at) September 23, 2024

As of the time of writing, the website of the Tirol branch of the Austrian People's Party (ÖVP) remains unavailable. According to local media, other regional branches may also be affected.

The so-called Russian hacktivists behind DDoS incidents typically aim to attract media attention and cause inconvenience to website users.

NoName057(16) hackers have consistently targeted Kyiv and its allies since the start of Russia’s invasion of Ukraine. Researchers at Radware have described them as “a well-organized hacktivist group.”

The group’s primary tool for DDoS attacks is a crowdsourced botnet project called DDoSia. It relies on other politically motivated hacktivists who are willing to download and install a bot on their computers to launch the attacks, with the promise of financial incentives for successful operations.

According to Radware, NoName057(16) hackers have “mastered their ability to generate highly evasive and sophisticated HTTPS flood attacks that are hard to detect and mitigate.”

Other hacker groups, including the obscure OverFlame hackers and the Cyber Army of Russia Reborn (CARR), whose members were recently sanctioned by the U.S., have also joined NoName’s attacks against Austria, according to their Telegram channels.

“It is common to see like-minded threat actors form ad-hoc alliances and collaborate on campaigns to increase their impact,” Radware said.