BETWEEN 26 January and 1 February 2026, SOCRadar identified a large coordinated DDoS campaign conducted by the pro-Russian threat actor NoName057(16) using the DDoSia attack tool, resulting in 5,830 recorded attack entries across 160 unique domains and 181 unique IP addresses in multiple countries. The United Kingdom accounted for 55.0% of all attacks (3,204 targets), with Ukraine on 12.7% (738 attacks), Czechia 4.9% (286 attacks), and commercial/international domains making up 27.4% (1,602 attacks).
Most attacks targeted port 443 (HTTPS) at 65.1% (3,795 attacks), with a substantial portion also directed at port 80 (HTTP) and a mix of TCP and HTTP-based techniques used in multi-vector efforts. NoName057(16) leverages a crowdsourced model via the DDoSia botnet framework, coordinating through Telegram channels to update target lists multiple times daily and sustain a seven-day, multi-country targeting pattern across NATO members and Ukraine.
According to SOCRadar, the campaign demonstrates a shift from single-country pressure to diversified multi-country operations, highlighting expanding operational capability and strategic ambition.