Russian Cyber Army. Who is it?

22.01.2025

In December 2023, the Molfar website experienced a DDoS attack. This occurred immediately after the publication of our extensive investigation into the production of Shaheds and Lancets, which included the deanon of the family of chief designer Zakharov. Recently, Molfar discovered who was behind that DDoS attack.

Molfar's OSINT analysts, in collaboration with the DC8044 F33d community team, identified several Russian hackers who are allegedly connected to Russian state structures and received funding from them. Some of these individuals are Ukrainian.

Who are Noname05716 (Ddosia)? 

Russian Cyber Army / Noname057(16) are two groups that have operated in parallel since late 2022. Noname057(16) developed a project—malicious software called Ddosia—as part of their toolkit for DDoS attacks, mainly targeting NATO countries. By early September 2024, the groups appeared to have merged into a single structure. Russian state structures likely fund this project. DDoS botnets associated with the project reward users for resources they contribute to the botnet. A series of attacks have been linked to this group.

United States. Two individuals associated with the Noname057(16) hacker group, Yuliya Pankratova and Denis Degtyarenko, appear on U.S. sanctions lists. These documents mention the Cyber Army of Russia Reborn (CARR). While both names appear in the context of cyberattacks, their exact connection or hierarchy remains a subject of further analysis.

The Netherlands. In August 2023, the group carried out DDoS attacks on the websites of several Dutch organizations, including the ports of Rotterdam, Amsterdam, Den Helder, and Groningen. These websites were inaccessible for hours or even days. The attacks were reportedly in response to the Netherlands' plans to purchase Swiss tanks for Ukraine. Notably, the internal systems of the ports were not compromised, and the attacks were limited to turning off public websites.

Other operations. Overall, Noname057(16) has conducted DDoS attacks on government and commercial websites in over 15 countries, including Ukraine, Canada, the Baltic states (1, 2, 3), Denmark, Germany, Norway, Poland, Finland, Italy, the Czech Republic, the United Kingdom, and others. The targets ranged from government institutions and ports to banking systems, transportation companies, and media outlets. These attacks were predominantly politically motivated, often directed against countries supporting Ukraine.

Noname057(16) hackers have conducted several interviews, which were later posted on their Telegram channel. One interview by Spanish cybersecurity expert Rafa Lopez for Bit Life Media saw the hackers boasting about allying with pro-Russian hackers fighting against the "collective West" and the "deep state." They referred to this alliance as the "Holy League" and quoted Russian poet Aleksandr Blok:

"Millions are with us. We have darkness, darkness, and even more darkness. Try to fight us!"

Yuliya Vladimirovna Zhuravlyova / Pankratova also gave an interview to the KnightPentest blog. She claimed that French websites had been attacked twice—once for violating Christian norms during preparations for the 2024 Olympics and a second time in support of Pavel Durov.

Molfar and DC8044 have uncovered personal information about 8 individuals who administer a Telegram community linked to attacks, including one on the Molfar website, as well as individuals who are members of these communities.

Nickname | Role | Full Name
@nn05716 | Administrator | Artem Vladimirovich Pankratov (Russian — Артем Владимирович Панкратов)
@MotherOfBears | Administrator | Yuliya Vladimirovna Zhuravlyova / Pankratova (Russian — Юлия Владимировна Журовлева / Панкратова)
@vetal2020 | Administrator | Vitaliy Vitalievich Pryadka (Russian — Виталий Витальевич Прядка)
@Rabbn1 | Administrator | Ilya Maskaykin (Russian — Илья Маскайкин)
@simplusertg | Administrator | Nikolay Dmitrievich Osaulenko (Russian — Николай Дмитриевич Осауленко)
@t96_ka | Administrator | Kirill Andreevich Titov (Russian — Кирилл Андреевич Титов)
@tory12345666 | Administrator | Viktoriya Eduardovna Dubranova (Виктория Эдуардовна Дубранова)
@Timea_Rich | Administrator | Aleksandr Sergeevich Kraynov (Russian — Александр Сергеевич Крайнов)
@sturm_29 | Member of DDoSia and Noname05716 community | Dmitriy Nikolaevich Smorodin (Russian — Дмитрий Николаевич Смородин)
@Monaxxx666 | Member of DDoSia and Noname05716 community | Evgeniy Ivanovich Shevlyakov (Russian — Евгений Иванович Шевляков)
@ArchLinuxrootuser | Member of DDoSia and Noname05716 community | Murat Damirovich Bilalov (Russian — Мурат Дамирович Билалов)
@Endingth | Member of DDoSia and Noname05716 community | -
@zamorskui | Member of DDoSia and Noname05716 community | -
@happinessgerl | Member of DDoSia and Noname05716 community | -

Administrators of the Telegram channel DDoSia and Noname05716

Artem Vladimirovich Pankratov (Russian — Артем Владимирович Панкратов)

The Russian person in the photo above is likely a key Russian Cyber Army / Noname05716 (Ddosia) community member. He administers the Telegram group alongside his wife, Yuliya Zhuravlyova / Pankratova (@MotherOfBears), who will be discussed further below. Artem owned several legal entities (1, 2, 3, 4), all associated with trade or construction. However, his entrepreneurial ventures did not help him escape debt. Pankratov owns sipconstruct (inst), which is also involved in construction.

This is what Pankratov's Twitter account looks like

On social media, he primarily posts Russian propaganda. Additionally, he boasts numerous posts about the success of hacking attacks by the NoName057 community. On Telegram, Artem follows pro-Russian channels, such as "русская идея" (Russian Idea), but at the same time, he appears interested in topics like "emigration" and studying Spanish.

A comment in Spanish that reads, "Here is the link to this group's Telegram channel," followed by a link to the Russian hacker community, was found. The comment appeared in a discussion within the group Informa Pirata: informazione e notizie.

This discussion revolved around the news of the NoName057 hackers' DDoS attack on the Italian Ministry of Defense website. The group itself focuses on cybersecurity and digital rights. Pankratov likely used this comment to promote his hacker group.

He also follows a group “канадских возвращенцев” (Canadian Returnees). Overall, he attempts to advertise his hacker community in various groups. Here is an example of his promotional content:

Screenshot of a message where Pankratov offers a reward for cooperation (source)

Personal information of the Russian hacker:

Social Media:

Email addresses:

Phone numbers:

  • +7 994 555 5499
  • +7 927 149 8929
  • +7 845 296 1555
  • +7 845 291 3231

Documents:

  • Passport: 322320313
  • Taxpayer Identification Number (TIN): 645116260584
  • Personal Insurance Account Number (SNILS): 11225845627

Pankratova (Zhuravlyova) Yuliya Vladimirovna (Russian — Панкратова (Журавлева) Юлия Владимировна)

This is the wife of Russian hacker Artem Pankratov, who was mentioned earlier. It seems that Yuliya and Artem married last year. Yuliya supports her husband's hacker activities and is also active in groups associated with Russian propaganda and DDoS operations (1, 2), operating under the nickname MotherOfBears.

Yuliya administers the Telegram channel of the Russian hacker community DDoSia. She is also a participant in the chat group "ГеоПолитика Цивилизаций" (1, 2), which promotes conspiracy theories and Russian propaganda.

Yuliya is listed in the Myrotvorets database.

Personal Information

  • Date of Birth: 06.04.1984
  • Place of Residence: Anapa
  • Known Address: Moscow, Klyazminskaya St., Building 7, Block 2, Apt. 25

Social Media:

Email Address:

Phone Numbers:

  • +7 909 660 6594
  • +7 965 061 1488
  • +7 938 421 7931
  • +7 985 392 0040
  • +7 916 230 1826

Documents:

Pryadka Vitaliy Vitalievich (Russian: Прядка Виталий Витальевич)

Vitaliy is originally from the Zaporizhzhia region. He has been using this Telegram account since 2021. According to insider information, he has a criminal record for theft. In 2019, he traveled to Moscow. Vitaliy is interested in gardening and marijuana.

Among the Telegram groups he frequents are @baraholkabkm (Baraholka OTG - Kushugum, Balabyno, Maloekaterinovka) and @otgKushugum. Vitaliy is also believed to have owned or currently owns a Chevrolet Lacetti.

Personal Information

  • Date of Birth: 29.03.1996
  • Known Address: Zaporizhzhia Region, Zaporizhzhia District, Malokaterynivka

Social Media:

Email Address:

Phone Numbers:

  • +38095*******
  • +38067*******

Documents:

  • Passport: СЮ*******
  • Taxpayer Identification Number (TIN): 35********

Ilya Maskaykin (Russian: Илья Маскайкин)

A teenager from Russia, likely from Mordovia, who is interested in supporting the Russian army and hacktivism. His other interests include the Russian navy, fundraising (likely for the Russian army), malware, and DDoS attacks. He has been registered on Telegram under this account since April 2023.

Personal Information

  • Date of Birth: 27.04.2006
  • Education:
    • As of December 2023, an 11th-grade student
    • Educational Institution: MOE Lyceum of Elnikovsky Municipal District
    • Achievement: History Olympiad prizewinner in the 2023–2024 academic year
  • Known Address: Mord. Maskkinskiye Vyselki Village, Zarechnaya St., Building 33, Apt. 2

Social media:

Email Addresses:

Phone Number:

Nikolay Dmitrievich Osaulenko (Russian: Николай Дмитриевич Осауленко)

Osaulenko considers his work extremely dangerous, commenting that "everything could end at any moment." It turned out that this "dangerous" work involves state construction for the FGUP "Main Military Construction Directorate for Special Facilities." This organization is associated with the construction of specialized and often classified facilities, including military bases, underground bunkers, strategic infrastructure, and objects with a high level of secrecy. Like the others mentioned earlier, he is part of the channel's administration.

Using this account, Osaulenko has been an admin of the DDoSia Project group since 2024. His interests include network reconnaissance, doxxing, penetration testing, and uncovering identities. He is also likely a reader of posts in hacker communities and a participant in the group "Прививка от секса" (1, 2, 3). Osaulenko is believed to have a wife and child.

Personal Information

Social Media:

Email Address:

Phone Numbers:

Documents:

Vehicle:

Professional Activity:

  • Employment in 2019: Moscow branch of FGUP "Main Military Construction Directorate for Special Facilities"

Kirill Andreyevich Titov (Russian: Кирилл Андреевич Титов)

One of the individuals closely connected to the DDoSia and Noname05716 communities turned out to be a Russian "oppositionist." In 2021, he sponsored Alexei Navalny's Anti-Corruption Foundation (FBK). Under the nickname @t96_ka, this person is Kirill Andreyevich Titov, an administrator of a Telegram channel that compiles educational materials for hacking, specifically for the DDoSia Project.

From 2017 to 2021, he operated electronic and computing machines at BUZ VO "Liskinskaya District Hospital" (1, 2).

Personal Information

  • Date of Birth: 22.05.1996
  • Known Address: Voronezh Region, Lisky, Sechenova St., Building 45, Apt. 1

Social Media:

Email Address:

Phone Number:

Documents:

Viktoriya Eduardovna Dubranova (in Russian: Дубранова Виктория Эдуардовна)

Viktoriya is Ukrainian, likely born in Dnipro. She describes herself as having a "Slavic soul" that resists communication in English. She actively uses the Russian social network VK. Her personal email address, [email protected], is registered (1, 2, 3) on multiple Russian services, including avito.ru, bookmate.com, nnm-club.ru, text.ru, bitrix24.ru, and plibber.ru.

In April 2016, she shared an image featuring a person holding the Soviet Union flag. The user with the nickname @tory12345666 is an administrator of the Telegram channel that compiles educational materials for hacking, specifically for the DDoSia Project.

Viktoriya appears to be among those whose "Slavic soul" views the world through the lens of the Russian tricolor. In 2021, she posted links on Facebook to petitions opposing mobilization. Her feed also includes a dramatic photo of the sky framed by barbed wire. 

Personal Information

  • Date of Birth: 12.08.1991
  • Known Addresses:
    • Dnipro, Tverska St., Building ****, Apt. ****
    • Dnipro, Karla Liebknechta - Mykhailo Hrushevskyi
    • Dnipro, Pershoho Travnya St., Building ****, Apt. ****
    • Dnipro, Oleksandr Pol Avenue, Building ****, Apt. **** (According to leaked databases from 2016 to 2022)

Social Media Accounts:

Email Addresses:

Phone Numbers:

  • +380*********
  • +380*********
  • +380*********

Telegram:

  • TG id: 6634849144
  • Nicknames: @viktorya_design, @tory12345666

Documents:

  • Passport: АН******
  • Taxpayer Identification Number (TIN): 33********

Known Nicknames:

Aleksandr Sergeyevich Kraynov (Russian: Александр Сергеевич Крайнов)

The person behind the nickname @Timea_Rich is likely a Russian military officer. The owner of this Telegram profile currently resides in Ivanovo, Ivanovo Oblast, Russia. This is Aleksandr Kraynov, who served in the Russian Airborne Forces (VDV) in the 31st Separate Air Assault Brigade (1, 2, 3).

Kraynov probably owns the esports media outlet Cyberivanovo, as his email is linked to the account cyberivanovo.bitrix24.ru.

Possible IP Addresses:

Personal Information

  • Date of Birth: 10.12.1988

Social Media:

Email Address:

Phone Numbers:

Telegram Details:

Bank Card:

Online Activity:

Known Passwords: 


Other Members of the DDoSia and Noname05716 Communities

Nickname

Full Name

Contact Information

Additional Information

Photo

@sturm_29

Dmitriy Nikolaevich Smorodin (in Russian: Смородин Дмитрий Николаевич)

VKVK2FBOK[email protected][email protected][email protected][email protected][email protected], +79115532861, +79115832861, +79815618077, +78182276042

tg id 1335654319

Likely a former skinhead (123) . SNILS: 04638417771, TIN: 290209937334, Passport: 1106 484205

@Monaxxx666

Yevgeniy Ivanovich Shevlyakov (in Russian: Шевляков Евгений Иванович)

VKAsk.fm

WhatsApp, TG: id1490527124 / @Monaxxx666, Skype: live:.cid.b436f501f99fc054, [email protected][email protected], +79009854396

Bank Card (Alfa Bank): 5486553006600365, Account: 40903810005870093923; client of Auchan and Lukoil card systems. Resides in Gryazi, Lipetsk Region. Passport: 4219187996

 

@ArchLinuxrootuser

Murat Damirovich Bilalov (in Russian: Билалов Мурат Дамирович)

Member of youth organizations “Cosmic Scouts” and “Rocket Modeling”; soloist in choirs “Vosmushki” and “Raduzhnye Notki”; studies at IT Lyceum of Kazan Federal University. Passwords: vehfnbr, 123123a, 160607, 123123. Featured in the video, “One Day in the Life of a Lyceum Student.”

 

@Endingth, @zamorskui

N/A

[email protected]

Date of Birth: 06.11.2008. Resides in Turkey or Azerbaijan. An 8th-grade student planning to apply to a police academy in the Information Security faculty. Height: 169–171 cm. Nationality: Half-Russian, half-Azerbaijani or half-Turkish.

 

@happinessgerl

N/A

Reportedly participated in Telegram groups related to Sakhalin and built computers for botnets.

  

Russian Cyber Army, Noname057(16), and Ddosia are all pro-Russian hacker groups. The Russian Cyber Army emerged after the start of Russia's invasion of Ukraine. They carry out cyberattacks on government and private organizations opposing Russian aggression. Their methods include DDoS attacks, website hacking, and propaganda dissemination.

Noname057(16) is the creator of the Ddosia project. They have conducted DDoS attacks against government and private organizations in Lithuania, Poland, and Italy. The group actively recruits volunteers through Telegram, offering rewards for participating in attacks. They also collaborate with other pro-Russian hacker collectives, such as Killnet and XakNet.

 

 
