Operation Eastwood: A Major Blow to Pro-Russian Hacker Group NoName057(16)
In a significant operation targeting the pro-Russian hacker group NoName057(16), international law enforcement authorities have disrupted the activities of this notorious cybercrime network. The joint international operation, known as Eastwood, was coordinated by Europol and Eurojust and involved law enforcement and judicial authorities from 12 countries across Europe and North America.
According to a press release published by Europol, the investigation into NoName057(16) was supported by several organizations, including ENISA, Belgium, Canada, Estonia, Denmark, Latvia, Romania, and Ukraine. The private parties ShadowServer and abuse.ch also assisted in the technical part of the operation.
Operation Eastwood resulted in the disruption of over 100 systems and key central servers belonging to NoName057(16). Authorities issued seven arrest warrants, including six targeting Russian nationals, two of whom are accused as the main instigators. Suspects are internationally wanted, with five listed on the EU Most Wanted site.
Hundreds of group supporters were warned about their legal liability for aiding the group’s Distributed Denial-of-Service (DDoS) attacks, often driven by pro-Russian ideology. The operation struck a major blow to the group's operations and disrupted their ability to launch DDoS attacks against countries supporting Ukraine, many of which are NATO members.
NoName057(16) has been linked to several high-profile attacks in recent years, including targeting Swedish government and banking sites, hitting over 250 German entities in 14 attack waves, and disrupting events in Switzerland, including the Ukraine Peace Summit. Dutch authorities also linked them to an attack during the recent NATO summit.
The group has over 4,000 supporters and employs a self-built botnet composed of hundreds of servers. They spread propaganda and recruit through social media, forums, and niche chat apps, using platforms like DDoSia to lower technical barriers. Participants were often paid in cryptocurrency, which incentivized sustained involvement and attracted opportunists.
According to Europol, the group's tactics included "gamified manipulation," where regular shout-outs, leader boards, or badges provided volunteers with a sense of status, and emotionally reinforced their participation by telling them they were defending Russia or avenging political events. This approach was particularly effective in targeting younger offenders.
Operation Eastwood demonstrates the growing effectiveness of international cooperation in disrupting cybercrime networks. The operation is a significant blow to NoName057(16) and sends a strong message that such activities will not be tolerated.
Key Findings of Operation Eastwood
- 7 arrest warrants issued, including 6 targeting Russian nationals
- Over 100 systems and key central servers disrupted
- 24 house searches conducted across multiple countries
- 13 individuals questioned
- Over 1,000 supporters notified about their legal responsibility
- DDoS attacks against countries supporting Ukraine have been linked to the group
- The group has over 4,000 supporters and employs a self-built botnet composed of hundreds of servers
About NoName057(16)
NoName057(16) is a pro-Russian hacker group known for launching DDoS attacks against countries supporting Ukraine, many of which are NATO members. The group has been linked to several high-profile attacks in recent years, including targeting Swedish government and banking sites, hitting over 250 German entities in 14 attack waves, and disrupting events in Switzerland, including the Ukraine Peace Summit.
The group's activities are driven by a pro-Russian ideology and have been widely condemned by law enforcement authorities. Operation Eastwood marks a significant blow to the group's operations and sends a strong message that such activities will not be tolerated.