A multinational cyber enforcement operation, spearheaded by the European Union’s Europol and Eurojust agencies, has successfully disrupted the NoName057(16) pro-Russian hacktivist cyber crime network responsible for multiple distributed denial of service (DDoS) attacks.
According to Europol, the offenders associated with the network initially focused mainly on targets in Ukraine but expanded their attacks to other European countries, particularly Nato members, following the outbreak of war in 2022.
The criminal network, known as NoName057(16), engaged in cyber attacks against Swedish authorities and bank websites in 2023 and 2024. Germany experienced 14 waves of attacks targeting over 250 companies and institutions, while Switzerland witnessed multiple attacks during significant events such as a Ukrainian video message to the Joint Parliament and the Peace Summit for Ukraine at Bürgenstock.
Most recently, Dutch authorities confirmed an attack linked to the network during a Nato summit in the Netherlands. Fortunately, these attacks were mitigated without major disruptions.
The operation, dubbed Operation Eastwood, led to the takedown of 100 servers and a significant portion of the NoName operation’s infrastructure. Two arrests were made in France and Spain, with 24 property searches conducted across Europe. Additionally, 13 individuals were questioned, and over 1,000 supporters of the NoName network, including 15 admins, were notified of their legal liability.
Furthermore, German authorities issued six arrest warrants against Russian nationals, including individuals believed to be key ringleaders. These individuals are listed on Europol’s Most Wanted website and are suspected to be located in Russia.
Unlike state-sponsored threat actors like Fancy Bear, the NoName network operated as a cyber criminal ransomware gang, without direct support from Russian authorities. The group amassed around 4,000 supporters at its peak and built a botnet of several hundred servers used for launching DDoS attacks.
NoName’s leaders recruited volunteers through pro-Russian channels, web forums, and social media groups, offering platforms like DDoSia to simplify cyber attacks. The group incentivized its volunteer army with cryptocurrency payments and gamified the experience with leaderboards and badges.
Although the recent crackdown disrupted NoName’s operations, the group continues to operate through encrypted channels, shifting towards more sophisticated methods. Organizations are advised to strengthen their cybersecurity defenses and educate employees about the risks of cyber attacks.
Authorities from multiple countries collaborated in the operation, with support from private sector entities providing technical assistance. The successful disruption of the NoName057(16) network demonstrates the importance of international cooperation in combating cyber threats.