Pro-Russian cybercriminal organization UserSec announced a joint operation, with the help of NoName, against Germany. The attack managed to disable a metro station, paralyzing the local transportation system.
Germany has been the target of numerous DDoS attacks since 2022 when Russia invaded Ukraine. Several cybercriminal groups emerged shortly after, including NoName and UserSec.
But, while NoName has been relatively transparent and straightforward with its intentions, UserSec is a more cryptic actor. Not much is known about the cybercriminal gang aside from its pro-Russian sentiments and politically-driven goals.
The attackers haven’t made any demands. Instead, they mocked Germany in their post and announced that the operation was made possible with help from NoName. But one reason can be easily deduced for the attack.
Germany has been invested in the Ukrainian cause since the beginning of the war. They have provided the Ukrainian army with considerable military support, especially air support systems like Patriot.
The total amount of Germany’s projected spending on Ukraine revolves around $28 billion, which includes further aid packages. It’s not difficult to see why this would turn Germany into a target for cybercriminal organizations.
The only thing that’s certain is that UserSec began its activity sometime during 2022. Presumably, shortly after the beginning of the Ruso-Ukrainian war. It’s unclear at this time if the group has been active before that and only used the war as a catapult.
The group’s activity remained steady for a while until it ramped up close to the middle of 2023. Around May, the organization announced that it would be targeting NATO countries and that it would join forces with Killnet, among other actors.
Since then, UserSec has been on a roll, being involved in numerous strikes against NATO and non-NATO states. The group always justifies its attacks as protecting Russia’s interests and punishing those whom they deem enemies of the Russian state.
It doesn’t appear that the organization has any financial motivations.
As is typically the case with DDoS attacks, the fallout is typically mild. Most victims recover fast because the attackers don’t necessarily want to inflict heavy damage. If it happens, that’s a plus, but that’s not their goal.
Their goal is to use their resources wisely, so they can hit as many targets as possible, rather than tunnel them into a handful of operations. This explains how DDoS actors like NoName, UserSec, and Killnet can remain active throughout the year.
This tactic is effective at spreading panic, as the hackers can hit at any moment. More importantly, even if their goal isn’t necessarily to inflict long-lasting damages, these may occur anyway. As is typically the case when striking at public services.
UserSec may not be as threatening as other organizations, but there’s no denying that he’s quickly catching up.
We believe security online security matters and its our mission to make it a safer place.