Investigating the Infrastructure Behind DDoSia's Attacks

DDoSia is a participatory DDoS tool run by the pro‑Russian hacktivist group NoName057(16) since 2022; volunteers run provided binaries to conduct coordinated DDoS attacks primarily against Ukraine, NATO states, and allied infrastructure. The report details DDoSia’s multi‑layered control infrastructure, short‑lived VPS‑hosted control servers, observed targeting and scale (estimated under 10k bots), identified client binaries with SHA256 hashes, law enforcement disruption in July 2025, and the continued reconstitution and activity observed by Censys through late 2025, emphasizing the need for DDoS mitigation.