Pro-Russian Hacktivist Group NoName Resurges, Disrupts French Websites Ahead of Christmas

Executive Summary

The pro-Russian hacker group NoName057(16) has relaunched a wave of distributed denial-of-service (DDoS) attacks targeting French websites and regional online services in the run-up to Christmas 2025.

NoName057(16) first emerged in 2022 as a loosely organized pro-Russian collective, using Telegram channels to claim responsibility for DDoS attacks against government, media, and private sector targets in Western countries. Law enforcement agencies in Europe and the U.S. have previously linked the group to broad “hybrid warfare” tactics designed to disrupt public access to web services.

Throughout 2025, the group’s activities have included DDoS campaigns against municipal portals and regional government sites in France, alongside similar attacks witnessed in Central Europe. Attributing political motives, the group often frames these operations as retaliation for Western support of Ukraine.

What Happened

In December 2025, reports of widespread web outages and access disruptions emerged from several French municipal and departmental websites, blocked or rendered unresponsive due to DDoS traffic spikes initiated by NoName057(16).

The DDoS method floods targeted servers with excessive volumes of requests, overwhelming infrastructure and preventing legitimate users from reaching online services. The timing - just a few days before the holiday period when users and public service providers rely heavily on online access - underscores the attackers’ strategic choice of moment for maximum visibility and impact.

While French authorities have not publicly attributed this specific wave to a state sponsor, security analysts note that NoName057(16)’s pattern aligns with prior attacks tied to pro-Russian hacktivist motivations.

Impact & Affected Entities

The primary impact of the attacks has been temporary service outages, affecting:

• Municipal websites of key French cities
• Regional portals handling citizen services
• Public information platforms

At the time of writing, no evidence suggests data breaches or exfiltration; the main consequence remains reduced availability of affected websites during peak holiday use.

Although municipal portals vary in size and capacity, even brief outages can erode public trust and obstruct access to essential information, prompting emergency response from local IT teams.

Technical Analysis

DDoS attacks do not inherently compromise backend systems or user data, but they can saturate network and application layers, often requiring coordinated mitigation using rate-limiting, traffic filtering, or upstream scrubbing services.

Groups like NoName057(16) typically orchestrate such attacks using:

• Botnets composed of compromised systems
• Open proxy networks
• Specialized tools shared via messaging apps like Telegram

The decentralized nature of the collective makes attribution and defense more complex, as participants operate across multiple countries and use anonymization techniques to mask traffic origins.

Attribution & Threat Actor Context

NoName057(16) is a pro-Russian hacktivist group first identified in 2022. Analysts classify the group as politically motivated, conducting cyberattacks against entities perceived to support Ukraine or Western geopolitical interests. Its operations have targeted government portals, public services, and critical infrastructure sites across Europe and North America.

In mid-2025, an international law enforcement operation resulted in multiple arrest warrants and disruption of some of the group’s infrastructure, reflecting the growing focus of authorities on mitigating politically charged cyber threats.