Amaury-Jacques Garçon

Amaury-Jacques Garçon is a cybersecurity engineer working as technical CTI analyst and focusing on the investigation of state-sponsored threats, currently at Sekoia.io. With professional experience in open source investigation, he has worked for the French Ministry of Defense.

‍

Talk (with Maxime Arquilliere): NoName057(16) with a Name : a self-called and so-called collaborative project [TLP:AMBER+STRICT]

Since the beginning of the war in Ukraine, several so-called "nationalist hacktivist" groups have emerged, particularly on the Russian side, contributing to the confrontation between Kyiv and Moscow. Among these actors, the pro-Russian group NoName057(16) has stood out through the launch of the DDoSia project, a collective initiative aimed at conducting DDoS attacks targeting all entities (private companies, ministries, public structures) belonging to countries supporting Ukraine, primarily NATO member states. While the DDoSia project and the group behind it are now well-known names in 2025, Sekoia was one of the first cybersecurity companies to establish comprehensive monitoring of this threat. This presentation will unveil the technical mechanisms of the software used by NoName057(16), showcasing the evolution of these tools over time. These findings challenge the true community-driven nature of the project, as it is publicly presented. Thanks to our automated daily data collection, we have aggregated a dataset that clearly highlights the geopolitical strategies and sectoral impact of the attacks. All these elements give us both a strategic and technical view of this threat, which we will share with you during our presentation.