This post is also available in:
עברית (Hebrew)
A major international law enforcement effort has dealt a significant blow to NoName057(16), a pro-Russian cyber group responsible for thousands of distributed denial-of-service (DDoS) attacks across Europe. The operation, codenamed Eastwood, led to the takedown of the group’s core infrastructure and the disruption of more than 100 servers used to coordinate cyberattacks.
According to the press release, Between July 14 and 17, coordinated raids were carried out in 24 locations across multiple European countries. Two suspects were arrested—one in France and another in Spain—while seven arrest warrants were issued, including six targeting individuals believed to be operating from Russia. Authorities also searched homes in Czechia, Germany, Italy, Spain, Poland, and France, and questioned 13 individuals as part of the investigation.
In addition, as part of Operation Eastwood Over 100 criminal servers were taken offline, key components of the group’s command infrastructure were disabled and Notifications were sent to over 1,000 group supporters, including 15 administrators, warning them of their potential legal liability.
NoName057(16) has been active since the onset of Russia’s war in Ukraine, launching politically motivated cyberattacks on government and financial websites across NATO-aligned states. Germany alone reported 14 waves of attacks affecting over 250 organizations. Sweden, Switzerland, and the Netherlands were also among the group’s recent targets.
The group’s tactics centered around DDoS campaigns, in which online services are deliberately overwhelmed with internet traffic, rendering them inaccessible. Europol confirmed that while many services were targeted, no critical infrastructure was severely disrupted thanks to rapid mitigation by defenders.
Investigators say the group was structured more like an online movement than a traditional cybercrime ring. Recruits were often sourced from gaming and hacking forums, where calls to action and attack tutorials were openly shared. Many participants were incentivized with cryptocurrency payments and motivated through gamified elements like leaderboards and digital badges—tools that particularly appealed to younger users.
The operation underscores the increasing convergence of ideological extremism, gamified propaganda, and cybercrime—and the growing importance of cross-border cooperation in combating digitally coordinated threats.
