Global Crackdown Hits Pro-Russian Cybercrime, 100+ Systems Taken Down Worldwide

In a major blow to pro-Russian cybercrime, authorities across Europe and the United States launched a sweeping international crackdown on the hacking group NoName057(16) between July 14th and 17th. The coordinated operation, codenamed Eastwood and led by Europol and Eurojust, targeted the group's members and infrastructure.

The investigation was further supported by ENISA and authorities from multiple countries, including Belgium, Canada, Estonia, Denmark, Latvia, Romania, and Ukraine. This massive effort brought together law enforcement and judicial authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands, and the United States to take down the hacking group's global attack infrastructure.

The operation was a significant success, disrupting over 100 computer systems and taking offline a substantial portion of the group's central servers. German authorities issued six arrest warrants for individuals residing in the Russian Federation, including two alleged ringleaders behind NoName057(16)'s operations. In total, national authorities have issued seven arrest warrants, targeting six Russian nationals suspected of involvement in the group's criminal activities.

The suspects are now internationally wanted, with some of their identities publicly disclosed in the media. National authorities have contacted several hundred individuals suspected of supporting the NoName057(16) cybercrime network. Using a popular messaging platform, officials sent notices informing recipients of the legal consequences they may face under national laws for their involvement.

The group's supporters are primarily Russian-speaking sympathizers who use automated tools to launch DDoS attacks. Lacking formal leadership or advanced technical expertise, these individuals are driven by ideological motives and the prospect of rewards. Members of the NoName057(16) cybercrime network initially focused their attacks on Ukraine but have since expanded their targets to include countries that support Ukraine in its defense against Russia's war of aggression, many of them NATO members.

National authorities have reported numerous cyberattacks linked to the group. In 2023 and 2024, NoName057(16) was involved in attacks on Swedish government agencies and banking websites. Since the investigation began in November 2023, Germany has experienced 14 distinct waves of attacks, affecting more than 250 companies and institutions.

In Switzerland, the group launched multiple attacks in June 2023, coinciding with a Ukrainian video address to the Joint Parliament, and again in June 2024 during the Peace Summit for Ukraine held at Bürgenstock. Most recently, Dutch authorities confirmed that an attack attributed to NoName057(16) occurred during the NATO summit in the Netherlands. All of these incidents were successfully mitigated without causing significant disruption.

The coordinated effort by law enforcement and judicial authorities across Europe and North America has dealt a significant blow to the pro-Russian cybercrime group. The operation demonstrates the importance of international cooperation in combating cybercrime and highlights the need for vigilance in the face of evolving threats from state-sponsored actors.