In an unprecedented international effort, law enforcement and judicial authorities from over 20 countries launched Operation Eastwood to dismantle the pro-Russian cybercrime group NoName057(16), responsible for numerous DDoS attacks targeting Ukraine and its allies.
Coordinated Action Across Borders Between July 14 and 17, 2025, coordinated raids and digital takedowns were executed under the leadership of Europol and Eurojust. The operation involved Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands, the United States, and several supporting nations including Canada, Estonia, and Ukraine. ENISA, ShadowServer, and abuse.ch provided essential technical support.
Major Operational Outcomes
- Over 100 attack servers disrupted globally
- Central infrastructure of NoName057(16) taken offline
- 2 arrests (France and Spain)
- 7 arrest warrants issued (6 by Germany)
- 24 house searches conducted
- 13 individuals interrogated
- 1,000+ suspected supporters warned of legal liabilities
German authorities issued six arrest warrants for Russian nationals, including the two alleged masterminds of the cyber network. Five suspects were listed on the EU Most Wanted website.
Targeted Attacks Across Europe and Beyond NoName057(16) initially focused its attacks on Ukraine, then expanded its cyber offensive to NATO members and EU nations. Notable attacks include:
- Swedish government and financial institutions (2023–2024)
- Over 250 German organizations targeted in 14 DDoS waves
- Swiss Parliament (June 2023) and Bürgenstock Peace Summit (June 2024)
- NATO Summit in the Netherlands (2025)
These attacks, though impactful, were mitigated without major disruptions.
Europol and Eurojust at the Helm Europol facilitated coordination among national law enforcement and private entities. Their contributions included:
- Over 30 operational coordination meetings
- Cryptocurrency tracing and forensic expertise
- A centralized Virtual Command Post and coordination center
Eurojust ensured legal cooperation, enabling smooth execution of European Investigation Orders and last-minute judicial requests.
DDoS-as-a-Service, Gamification, and Ideology Investigations uncovered that NoName057(16) operated via decentralized recruitment, often appealing to Russian-speaking youth through:
- Messaging apps and pro-Russian forums
- Gamified incentives like leaderboards and badges
- Cryptocurrency rewards for successful attacks
The group used platforms like DDoSia to automate and guide DDoS participation, building a botnet from hundreds of servers to amplify their reach.
A Wake-Up Call for Cyber Resilience Operation Eastwood highlights both the power of multinational cooperation and the need for robust cyber resilience. The gamified, decentralized, and ideologically driven nature of NoName057(16) sets a precedent for future cyber threats.