European Cyber Cops Target NoName057(16) DDoS Network

European Cyber Cops Target NoName057(16) DDoS Network

A multinational cyber enforcement operation – led by the European Union's (EU's) Europol and Eurojust agencies – has successfully disrupted the NoName057(16) pro-Russian hacktivist cyber crime network responsible for multiple distributed denial of service (DDoS) attacks.

The operation, codenamed Operation Eastwood, aimed to dismantle the group's infrastructure and disrupt its operations. According to Europol, offenders associated with the network primarily focused on targets in Ukraine but shifted their focus to other European countries, many of them NATO members, following the outbreak of war in 2022.

"National authorities have reported a number of cyber attacks linked to NoName057(16) criminal activities," said Europol. "In 2023 and 2024, the criminal network has taken part in attacks against Swedish authorities and bank websites. Since investigations started in November 2023, Germany saw 14 separate waves of attacks targeting more than 250 companies and institutions."

The operation resulted in significant success, with Europol stating that 100 servers were taken down and a major part of the NoName operation's infrastructure was disrupted. Two arrests were made in France and Spain, while property searches took place across Europe.

Thirteen individuals have been questioned, over 1,000 "supporters" of the NoName network – including 15 admins – have been notified for their legal liability, and six arrest warrants have been issued against Russian nationals.

These individuals are understood to be Russian-speaking hacktivists who allegedly played a key role in developing and optimizing the software used to identify targets and attack them, as well as overseeing payments made to rent NoName's server infrastructure.

Unlike well-known Russian state threat actors such as Fancy Bear, the ideologically driven NoName network is thought to have acted more like a cyber criminal ransomware gang, without support from the Russian authorities but on the unspoken understanding that Moscow would not interfere with their work.

Europol estimates that at its peak, NoName had around 4,000 supporters and had built a botnet made up of several hundred servers, which were used to bombard their targets with junk traffic.

The operation highlights the importance of staying vigilant and proactive in the face of evolving threats from groups like NoName057(16). Experts recommend that organizations strengthen their defenses by implementing multi-layered security strategies, including robust DDoS protection, intrusion detection systems, and regular security audits.