@GossiTheDog@cyberplace.social

NoName057(16) back to targeting UK this week, they're going to run all week. Thread for the week.

Current DDoS config, 17 orgs, UK councils and transport. Approx 70% success rate.

#NoName #threatintel

@GossiTheDog@cyberplace.social

Tracking for UK councils stats.uptimerobot.c...

@GossiTheDog@cyberplace.social

Here's the NoName blurb to go with the DDoS. #NoName #threatintel

@GossiTheDog@cyberplace.social

Council websites generally host this kind of thing, if you want to know why they get targeted - it's local support basically.

@GossiTheDog@cyberplace.social

UK Councils doing a much better job at coming back online this time around compared to last month's NoName attacks - 8 out of the 9 targeted (which are still in the botnet DDoS config, so attacks continue) are back online, only eastsuffolk.gov.uk remains down.

#NoName #threatintel

@GossiTheDog@cyberplace.social

So far every council you've mentioned the issues has pretended it's a generic issue, lol

Edit: although in fairness I guess some of these councils might not actually know the cause

#NoName #threatintel

@GossiTheDog@cyberplace.social

To bring this to life btw about why NoName is so successful in terms of bringing things down - this is the entire config for eastsuffolk.gov.uk, which has been down since 7am UK time.

There's no packet flood. There's no large packets. There's nothing like that. It's a layer 7, application layer attack.

All they do is send lots of web search requests with gibberish -- $_1 and $_5 are just large random strings. It's enough to CPU and memory exhaust most webservers.

#NoName #threatintel
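
A defender-side sketch of spotting the pattern described in the post above (search requests whose parameters are long random strings) in a web access log. This is an added example, not part of the original thread and not NoName's config; the `/search` path, the common log format, the thresholds and all sample log lines are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Common/combined log format: client IP first, then the quoted request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3}')

def entropy(s):
    """Shannon entropy of s in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def looks_random(value, min_len=24, min_bits=4.0):
    """Long, single-token, high-entropy value: unlike a human search phrase."""
    return len(value) >= min_len and " " not in value and entropy(value) >= min_bits

def gibberish_search_hits(lines, search_path="/search"):
    """Count, per client IP, search requests carrying a random-looking parameter."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, target = m.groups()
        url = urlsplit(target)
        if url.path == search_path and any(looks_random(v) for _, v in parse_qsl(url.query)):
            hits[ip] += 1
    return hits

def flag_clients(lines, threshold=5, search_path="/search"):
    """Return {ip: count} for clients at or above the threshold."""
    hits = gibberish_search_hits(lines, search_path)
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample data: documentation IPs, hypothetical /search endpoint.
_BLOB = "aB3dE5gH7jK9mN1pQ2rS4tU6vW8xY0zC"  # 32 distinct chars = 5.0 bits/char

def _line(ip, query):
    return f'{ip} - - [01/Jan/2025:07:00:00 +0000] "GET /search?{query} HTTP/1.1" 200 512'

SAMPLE_LOG = (
    [_line("198.51.100.9", f"q={_BLOB[i:] + _BLOB[:i]}") for i in range(6)]
    + [_line("203.0.113.7", "q=bin+collection+dates"),
       _line("203.0.113.7", "q=council+tax+bands"),
       _line("192.0.2.44", f"q={_BLOB}")]  # a single odd request stays below threshold
)

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```

With many low-rate clients the per-IP threshold may need to be small; the total from `gibberish_search_hits` as a share of all search traffic is the complementary signal.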

@GossiTheDog@cyberplace.social

Also if anybody is wondering it's less than a thousand attacking IPs, and they're largely volunteers' PCs and mobile phones - this isn't an infected router botnet.

A group of us has been aggressively taking down the config C2s for about a year which cuts off the volunteers, the numbers are down about 8 times from a year ago, but NoName have become better at their target config.

#NoName #threatintel
