International law enforcement authorities have taken action against a significant portion of the pro-Russian cybercrime network NoName057(16), disrupting over 100 servers worldwide and issuing multiple arrest warrants against Russian nationals.
The coordinated effort, which ran from July 14 to 17, 2025, marked one of the largest cybercrime operations targeting infrastructure supporting Russia’s digital warfare efforts.
Operation Eastwood, coordinated by Europol and Eurojust, brought together law enforcement and judicial authorities from 12 countries including Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands, and the United States.
The operation received additional support from Belgium, Canada, Estonia, Denmark, Latvia, Romania, and Ukraine, with technical assistance from private partners ShadowServer and abuse.ch.
The synchronized actions resulted in significant disruption to the cybercrime network’s capabilities.
German authorities issued six arrest warrants for offenders residing in the Russian Federation, with two individuals identified as the main instigators behind NoName057(16)’s activities.
In total, seven arrest warrants were issued across participating nations, targeting six Russian nationals for their involvement in the criminal network.
The operation’s immediate results included two arrests—one preliminary arrest in France and one in Spain—along with 24 house searches conducted across multiple countries.
Authorities questioned 13 individuals and reached out to over 1,000 supporters of the network, including 15 administrators, notifying them of their legal liability through messaging applications.
NoName057(16) operated as an ideological criminal network supporting the Russian Federation, particularly in the context of Russia’s war of aggression against Ukraine.
The group primarily conducted distributed denial-of-service (DDoS) attacks, flooding websites and online services with traffic to overload them and render them unavailable.
Their targets initially focused on Ukraine but expanded to include countries supporting Ukraine’s defense efforts, many of which are NATO members.
The network employed sophisticated recruitment and motivation strategies, leveraging pro-Russian channels, forums, and messaging apps to share calls to action, tutorials, and recruit volunteers.
Participants were incentivized through cryptocurrency payments and gamified elements including leaderboards, badges, and regular recognition, creating game-like dynamics that particularly appealed to younger offenders.
The group utilized platforms like DDoSia to simplify technical processes and enable rapid operational deployment of new recruits.
According to the report, the cybercrime network’s attacks targeted critical infrastructure and institutions across multiple countries.
In 2023 and 2024, NoName057(16) launched attacks against Swedish authorities and bank websites, while Germany experienced 14 separate attack waves targeting more than 250 companies and institutions since investigations began in November 2023.
Switzerland faced multiple attacks during high-profile events, including a Ukrainian video message to the Joint Parliament in June 2023 and the Peace Summit for Ukraine at Bürgenstock in June 2024.
Most recently, Dutch authorities confirmed attacks linked to the network during the latest NATO summit in the Netherlands.
Despite the scope of these attacks, authorities successfully mitigated them without substantial service interruptions.
The operation’s success in disrupting the network’s infrastructure represents a significant blow to pro-Russian cyber operations, though the full long-term impact remains to be assessed as international law enforcement continues monitoring for potential regrouping efforts.