Romanian state websites
May 4, 2025
•[ ddos, hacktivism, government ]
Russia-aligned hacktivist group NoName057(16) claimed DDoS attacks on Romanian state and candidate websites on election day; Romanias DNSC confirmed the incidents and said sites were restored.
Arriva Nederland
May 1, 2025
•[ ddos, hacktivism ]
Arrivas Dutch website was taken offline in a DDoS attack claimed by Russia-aligned hacktivists, with outages acknowledged locally; services were restored after mitigation.
Dutch public & private organizations
May 1, 2025
•[ ddos, hacktivism, service disruption ]
Russia-aligned hacktivists launched large-scale DDoS causing service disruptions at Dutch public/private orgs; NCSC acknowledged incidents; no internal compromise reported.
System Rejestrów Państwowych (Polish State Register System)
April 30, 2025
•[ ddos, hacktivism ]
On April 30, 2025, Polands System Rejestrw Pastwowych, which supports the national tax and registration systems, was targeted by a hacktivist DDoS campaign that caused temporary outages. Access to e-Declarations, CEPiK, and related government portals was disrupted for about one hour. No data theft or encryption occurred, and services were quickly restored.
System Rejestrów Państwowych (Polish State Register System)
April 30, 2025
•[ DDoS, hacktivism, outage ]
On April 30, 2025, Polands System Rejestrw Pastwowych, which supports the national tax and registration systems, was targeted by a hacktivist DDoS campaign that caused temporary outages. Access to e-Declarations, CEPiK, and related government portals was disrupted for about one hour. No data theft or encryption occurred, and services were quickly restored.
Army Public Schools (Srinagar and Ranikhet)
April 29, 2025
•[ website defacement, hacktivism ]
Pakistan-based hacktivist IOK Hacker defaced the websites of Army Public Schools in Srinagar and Ranikhet with pro-Pakistan slogans referencing Kashmir; sites were restored shortly after discovery.
Rajasthan Education Department
April 29, 2025
•[ hacktivism, defacement ]
Hacktivist group Pakistan Cyber Force defaced the Rajasthan Education Department website with inflammatory political messages claiming the Pahalgam attack was an inside job; the portal was taken offline and later restored.
NRC Media B.V. (publisher of NRC Handelsblad)
April 28, 2025
•[ DDoS, hacktivism ]
On April 28, 2025, the Dutch news organization NRC Media suffered a DDoS attack that rendered nrc.nl unreachable for nearly a full day; pro-Russian hacktivist group NoName057(16) claimed responsibility, linking the attack to Dutch support for Ukraine.
Multiple Gelderland Municipalities / NotuBiz Customers
April 28, 2025
•[ ddos, hacktivism, service disruption ]
On April 28 2025, a coordinated distributed denial-of-service (DDoS) attack claimed by the pro-Russian hacktivist group NoName057(16) targeted the Dutch municipal IT supplier NotuBiz, disrupting connectivity for at least 15 municipal and provincial websites in the province of Gelderland. The attack caused complete but temporary loss of access to public portals for several hours; no data theft or secondary compromise was reported.
Cities of Palo Alto, Redwood City, and Menlo Park (Crosswalk systems)
April 21, 2025
•[ Hacktivism, Unauthorized Access, Deepfake ]
Hacktivists hijacked Bay Area pedestrian crosswalk systems in Palo Alto, Redwood City, and Menlo Park to broadcast deepfake audio messages impersonating Elon Musk and Mark Zuckerberg mocking billionaire culture; no data theft or operational outage beyond altered messages reported.
City of Seattle (Crosswalks system)
April 21, 2025
•[ hacktivism, unauthorized access, system compromise ]
Hacktivists compromised Seattle pedestrian crosswalk systems to broadcast spoofed audio announcements mocking technology billionaires; no evidence of data exfiltration or wider operational impact reported.
Joannenova.com.au (Jo Nova Blog)
April 19, 2025
•[ ddos, hacktivism ]
Joannenova.com.au, an independent Australian blog run by science commentator Jo Nova, reported a distributed denial-of-service (DDoS) attack beginning around Easter Saturday (April 19 2025). The site, known for climate-skeptic and political commentary, was flooded by traffic from hundreds of thousands of IPs mainly in China, the USA, Brazil, and Europe, causing intermittent outages for about two weeks. The politically charged nature of the site suggests a hacktivist protest motive.
Russian Railways (RZhD)
April 19, 2025
•[ denial of service, hacktivism ]
The IT Army of Ukraine conducted a distributed denial-of-service attack on Russian Railways national ticketing and logistics platforms on April 19 2025, temporarily paralyzing access across multiple regions; service was restored the same day.
TickChak (external ticketing platform used by IDF units)
April 16, 2025
•[ data leak, hacktivism ]
A hacktivist using the alias Persian Prince accessed and leaked data from TickChak, an Israeli ticketing platform reportedly used by IDF units. The leak, publicized on April 16 2025, exposed personal details of tens of thousands of soldiers, including names, national ID numbers, and phone numbers. No ransom or sale was reported; the data was posted publicly to protest Israeli military actions.
Finnish Parliamentary Parties
April 8, 2025
•[ ddos, hacktivism ]
Pro-Russian hacktivist group NoName057(16) conducted DDoS attacks against websites of Finnish parliamentary parties, temporarily disrupting access for several hours.
Caisse Nationale de Sécurité Sociale (CNSS)
April 8, 2025
•[ data leak, hacktivism ]
Moroccos CNSS confirmed a major data breach claimed by the hacktivist group Jabaroot. The attackers accessed and leaked millions of social-security records belonging to private-sector employees and companies. CNSS stated no operational disruption or encryption occurred.
Kaukokiito
April 8, 2025
•[ denial-of-service, hacktivism, logistics ]
NoName057(16) carried out denial-of-service attacks against Kaukokiitos website, briefly disrupting logistics service access in Finland.
Czech Government – Prime Minister’s X (Twitter) Account
April 8, 2025
•[ account takeover, hacktivism, disinformation ]
On April 8 2025, hacktivists compromised the official X account of Czech Prime Minister Petr Fiala and posted fabricated messages about Russian attacks and U.S. tariffs in protest of Czech government policies. Authorities confirmed the intrusion, removed the posts, and restored control within hours. No data theft or encryption occurred.
OP Group
April 8, 2025
•[ ddos, hacktivism ]
Pro-Russian hacktivist group NoName057(16) launched DDoS attacks against OP Group, causing temporary disruption of online banking services in Finland.
Panostaja Oyj
April 8, 2025
•[ ddos, hacktivism ]
NoName057(16) hacktivists targeted Panostaja Oyjs website in a politically motivated DDoS campaign linked to Finlands ceasefire proposal on Ukraine, causing brief outages.
