Operation Eastwood: A Major Blow to Pro-Russian Hacker Group NoName057(16)

TL;DR

International law enforcement agencies, led by Europol and Eurojust, successfully disrupted the activities of the pro-Russian hacker group NoName057(16) in a coordinated operation known as Operation Eastwood. The operation resulted in the dismantling of the group’s infrastructure and the issuance of multiple arrest warrants. The group had been carrying out DDoS attacks against countries supporting Ukraine, with significant mitigation efforts ensuring minimal disruptions.

Main Content

International Law Enforcement Operation Disrupts Pro-Russian Hacker Group NoName057(16)

European and U.S. authorities have successfully disrupted the activities of the pro-Russian hacktivist group NoName057(16) through a coordinated international operation known as Operation Eastwood. This operation, led by Europol and Eurojust, involved law enforcement and judicial authorities from multiple countries, including Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands, and the United States.

Operation Details

Between July 14 and 17, authorities executed a series of coordinated actions against the pro-Russian cybercrime network NoName057(16). The operation led to the disruption of the group’s infrastructure, including the takedown of over 100 systems and key central servers. Seven arrest warrants were issued, with six targeting Russian nationals, two of whom are considered the main instigators. Five of these individuals are listed on the EU Most Wanted site.

Hundreds of supporters of the group were warned about their legal liability for aiding in the DDoS attacks, which were often motivated by pro-Russian ideology¹.

Key Achievements

Operation Eastwood dealt a significant blow to NoName057(16). Authorities made two arrests, one in France and another in Spain, and issued seven arrest warrants, six by Germany and one by Spain. Law enforcement conducted 24 house searches across multiple countries, including Czechia, France, Germany, Italy, Spain, and Poland. Thirteen individuals were questioned, and over 1,000 supporters, including 15 administrators, were notified via messaging apps about their legal responsibilities².

Group Activities and Impact

NoName057(16) has been responsible for a series of DDoS attacks against countries supporting Ukraine, many of which are NATO members. Since 2023, the group has targeted Swedish government and banking sites, hit over 250 German entities in 14 attack waves, and disrupted events in Switzerland, including the Ukraine Peace Summit. Dutch authorities also linked the group to an attack during the recent NATO summit. Despite these attacks, all incidents were mitigated without major disruptions.

The group has over 4,000 supporters and employs a self-built botnet composed of hundreds of servers. They spread propaganda and recruit through social media, forums, and niche chat apps, using platforms like DDoSia to lower technical barriers. Participants were also paid in cryptocurrency, which incentivized sustained involvement and attracted opportunists³.

Conclusion

Operation Eastwood represents a significant victory in the ongoing battle against cybercrime. The coordinated efforts of international law enforcement agencies have successfully disrupted the operations of NoName057(16), sending a strong message to other cybercriminal groups. As the digital landscape continues to evolve, such collaborative efforts will be crucial in maintaining cybersecurity and protecting critical infrastructure.

References

1. Europol (2025, July 16). “Global operation targets NoName057(16) pro-Russian cybercrime network”. Europol Newsroom. Retrieved 2025-07-16. ↩︎

2. Security Affairs (2025, July 16). “Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)”. Security Affairs. Retrieved 2025-07-16. ↩︎

3. Security Affairs (2023). “DDoSia attack tool upgrade”. Security Affairs. Retrieved 2025-07-16. ↩︎