These have all been shut down. #noname #threatintel https://cyberplace.social/@GossiTheDog/113596971515491145
MOD Police’s website is back online today, almost 3 months after NoName DDoS’d it. https://www.mod.police.uk/
SOLVED!
(#qrcode / #datamatrix) #scanner on #linux #hilfe:
apparently no matter which manufacturer (#keyence, #zebra, #noname) on no matter which #distribution (#mint, #manjaro, #nixos, thin clients, #android), our scanners cannot do umlauts and special characters such as | pipes…
on Windows we plug them in and everything works out of the box, even without drivers and config.
what is the secret to correct recognition and keyboard layout mapping for #barcodescannen on Linux?
New configuration detected for DDosia. Hosts:
#ThreatIntel #Ddosia #NoName
https://witha.name/data/2025-01-14_07-10-02_DDoSia-target-list-full.json
Looks like #NoName057 went after Israeli websites. Was it the first time? Any clues what could have provoked it?
There's another variation of the NoName copycat shakedowns -
there's a group who aren't doing any DDoS, they're just getting the list of actual NoName victims, then emailing them as "NoName057" demanding Bitcoin for the attacks to stop.
Again, it's very unlikely it's actually NoName - the play appears to be, because NoName are super successful (by just doing layer 7), people are surfing off it for money from confused victims who don't even know what NoName is.
PSA for defenders, somebody appears to be copying NoName and doing shakedowns for Bitcoin payment.
They do a copycat layer 7 attack (the tooling real NoName use is basically lifted from Github), and then follow up with an email from "NoName057" for payment.
I'd strongly advise not paying and make sure your sites are behind a cloud WAF with rate limiting configured, and have origin IP not internet accessible
It's very unlikely the people doing this one are actually NoName
Ministry of Defence Police’s website is still down 18 days later. The latest is they’ve tried to move it behind Cloudflare, but don’t know how to configure DNS.
#ThreatIntel #Ddosia #NoName
https://witha.name/data/2024-12-20_12-10-25_DDoSia-target-list-full.json
https://witha.name/data/2024-12-20_12-10-25_DDoSia-target-list.csv
NoName Germany tracking thread for the week outsourced #noname #threatintel
NoName have started testing against Germany. Targets so far are all banks, remarkably successful too - they’re targeting the origin IP to avoid WAF. #noname #threatintel
NoName trying to get their supporters to find German media contacts, I’m guessing next week is Germany week.
MOD Police’s website is still down, 8 days later.
After targeting Fr websites this week-end #Noname switched this morning to Dk websites…
NoName have moved on to France, as… Trump is there or something.
I’ll stop tracking threads now as I’m selfish. Although I do enjoy being an undercover Russian, and Russian sense of humour is pretty good (and odd).
NoName impact summary for the day is basically the same as it began, the sites online and offline are still the same as when the attacks began for the day.
https://www.mod.police.uk/ is still down
NoName UK run continues. They're reusing the same targets and target config from prior attacks.
Config snapshot for today: