Before the World Economic Forum 2026 kicks off in Davos, the global spotlight is once again turning to Switzerland. This not only for high‑level political and economic talks, but also for its exposure to cyber risks. In the past two years, pro‑Russian hacktivist groups like NoName057(16) have repeatedly used the WEF as a stage for DDoS campaigns against Swiss institutions, seeking attention rather than data theft, and there is every reason to assume that similar activities will attempt to ride on the media wave of WEF 2026.
NoName057(16): Pro-Russian DDoS Hacktivists
NoName057(16) emerged in March 2022 as a pro-Russian hacktivist collective, coordinating DDoS attacks via Telegram to target Ukraine, NATO members, and Western entities seen as anti-Russian. Unlike ransomware groups, it recruits thousands of volunteers using the DDoSia toolkit, offering crypto incentives for crowd-sourced disruptions timed to geopolitical events like the WEF.
- NoName057(16) DDoS January 2024
- DDoS in Switzerland in June 2024
- DDoS risk Eurovision Song Contest 2025
Law-Enforcement Raid Fails to Silence NoName057(16)
In mid‑July 2025, an international law‑enforcement coalition launched operation Eastwood, coordinated by Europol and Eurojust, to disrupt the pro‑Russian DDoS group NoName057(16) by targeting both its members and key infrastructure across multiple countries. The action caused a visible pause in the group’s configuration updates and temporarily disrupted its operations, but just days later new target lists reappeared, focusing on law‑enforcement and local‑government websites in Germany and Italy, showing that despite the successful raid, NoName057(16) quickly returned to the DDoS landscape
NoName057(16)’s Telegram and X Go Quiet
The previously known communication channels appear to be closed and gone. Neither on Telegram nor on X.com can I currently find their presence.
WEF 2026 Kicks Off
The World Economic Forum did start today on Monday January 19th, 2026. In the morning. With high-profile attendees including current U.S. President Donald Trump, Ukrainian President Volodymyr Zelenskyy, German Chancellor Friedrich Merz, French President Emmanuel Macron, and UK Prime Minister Keir Starmer, alongside CEOs from major firms like Microsoft, BlackRock, and Goldman Sachs, the event draws unprecedented global media attention that amplifies cyber risks.
Tracking NoName057(16) Targets via witha.name
witha.name serves as a public monitoring site dedicated to real-time tracking of NoName057(16)’s DDoSia botnet configurations, which the group updates daily via JSON files on their C2 servers. The site parses these configs, split into “targets” (specific hostnames, IPs, attack types like HTTP/3 or UDP floods, ports, paths, and randomized payloads) and “randoms” (rule sets for evasion). All provided as downloadable JSON and CSV files with near-real-time updates. It offers defenders a free, automated view into upcoming attack lists without requiring direct access to the protected C2 infrastructure
My reporting also follows these JSON files which I download and analyze.
Monday January 20th, 2026
Even though today is the start, the first agenda item is the open concert at 18:00, which means many will probably travel during the day. For Tuesday, the primary session times are between 08:00 and 18:00, so attendees will likely not travel to Davos but have to be in Davos to attend the morning sessions. In past years this was the phase where transport companies and cities were often in the crosshairs. While checking the configurations reveals that the targets did switch from Poland to Czechia.
Looking back, everyone remained calm regarding WEF 2026. No targets were selected in Switzerland. Fingers crossed it will stay this way.
Tuesday January 21st, 2026
Also, Tuesday came and went, with no mention in the news and no targets in Switzerland on the NoName057(16) target list.
Wednesday January 22nd, 2026
We made it through Wednesday, with no mention in the news and no targets in Switzerland on the NoName057(16) target list.
Thursday January 23rd, 2026
The same way Thursday came and went, with no mention in the news and no targets in Switzerland on the NoName057(16) target list.
Friday January 24th, 2026
The WEF ended so for people not already left, they will be leaving Davos probably today. But also Friday passed with no mention in the news and no targets in Switzerland on the NoName057(16) target list.
Conclusion WEF 2026
With that, this seems to be the quietest WEF in the past few years despite the huge attention the WEF 2026 had. However, investing in DDoS preparedness is always good and might help another day. In case I see retroactive posts about attacks not known at the time of posting, I will add this information. But for now, this will be it for WEF 2026 in cyberspace.