Massive Europe-based operation targeting pro-Russian hacking collective
In a significant move against cybercrime, law enforcement agencies from Europe, Canada, and the United States have successfully dismantled the pro-Russian hacker group NoName057(16). The operation, known as Operation Eastwood, was coordinated by Europol and Eurojust, with input from the European Union Agency for Cybersecurity (ENISA), and involved 12 European countries, Canada, and the United States, as well as additional support from Belgium, Estonia, Denmark, Latvia, Romania, and Ukraine.
NoName057(16) emerged in the context of Russia’s full-scale invasion of Ukraine and initially targeted Ukrainian infrastructure. However, the group's operations expanded to include European Union (EU) and NATO member states. The group's primary tactic was conducting distributed denial-of-service (DDoS) attacks, flooding websites and online services with traffic to render them unavailable.
The hackers of NoName057(16) targeted a broad range of organizations, focusing on critical infrastructure, government institutions and municipalities, energy suppliers and public transportation systems, sites linked to major political events, and civil society organizations and media perceived as supportive of Ukraine. The group’s attacks were not only disruptive but also ideologically motivated, seeking to retaliate against countries and entities supporting Ukraine.
The operation dismantled over 100 computer systems and took down major central servers linked to NoName057(16), significantly degrading the group’s operational capacity. Two arrests were made—one in France and one in Spain. Germany issued six arrest warrants (including two for alleged main organizers), all targeting Russian nationals, with five listed on Europol’s Europe’s Most Wanted site. In total, seven arrest warrants were issued for six suspects (almost all based in Russia). Hundreds of individuals who supported the group’s DDoS attacks were warned of potential legal consequences for their involvement.
The operation highlighted extensive cross-border collaboration, with simultaneous actions across multiple jurisdictions to disrupt both the group’s technical infrastructure and its human network. The core infrastructure of NoName057(16) has been disrupted, and key members are under legal pursuit, though most remain at large in Russia. The operation has delivered a significant blow to the group’s ability to conduct large-scale cyberattacks, but the long-term impact will depend on continued international vigilance and law enforcement cooperation.
Recently, the Dutch authorities confirmed that they detected an attack linked to the NoName057(16) network during the last NATO summit in The Hague. The group attempted to disrupt the peace formula summit in Switzerland. The operation against NoName057(16) targeted a large-scale network of pro-Russian hackers, and the group's activities have been publicly documented. Further arrests or disruptions may follow as investigations continue.
The dismantling of NoName057(16) by law enforcement agencies has raised concerns about the implications of their activities on the health and general-news sectors, as the group targeted various government institutions, media, and civil society organizations. This operation also underscores the significant impact of cyberattacks on the economy, as energy suppliers and public transportation systems were among their primary targets. Furthermore, the ideologically motivated nature of NoName057(16)'s attacks has raised concerns in the realm of politics and crime-and-justice, as they sought to retaliate against countries and entities supporting Ukraine.