Jens Asbjørn Bøgen
The network is known to perform DDoS attacks in favor of Russia.
The network is known to perform DDoS attacks in favor of Russia.
What is happening?
Between July 14 and 17, a sweeping joint operation codenamed Eastwood targeted the cybercrime group NoName057(16), believed to be behind widespread pro-Russian DDoS attacks.
Private groups assisting authorities
Coordinated by Europol and Eurojust, the crackdown involved authorities from 13 countries, with support from over a dozen more, as well as private cybersecurity groups ShadowServer and abuse.ch.
NoName057(16)’s Global Infrastructure Hit Hard
Authorities disrupted a vast network of over 100 servers linked to NoName057(16), taking much of its core infrastructure offline.
Arrest warrants and EU Most Wanted
Germany issued six arrest warrants for suspects based in Russia, including the group’s alleged masterminds.
In total, seven arrest warrants were issued, with five suspects now featured on the EU Most Wanted list.
Hundreds of Followers Warned of Legal Consequences
Law enforcement sent messages via a popular chat app to hundreds of individuals believed to be affiliated with NoName057(16), including 15 administrators.
These notifications served as a legal warning, underlining their potential liability for cyberattacks linked to the group under national laws.
Arrests, Raids, and Questioning Across Europe
Operation Eastwood resulted in two arrests—one each in France and Spain—alongside 24 house searches across eight countries.
Authorities also questioned 13 individuals believed to be connected to the group’s activities, part of a broader effort to dismantle the loosely organized but highly disruptive network.
Ideologically Driven
Unlike traditional cybercrime syndicates, NoName057(16) operates more like a digital militia.
Its members are largely ideologically motivated Russian-speaking sympathizers.
Many lack advanced technical skills, relying on automated tools to launch DDoS attacks under the illusion of fighting a digital war for Russia.
A Growing List of High-Profile Targets
Originally focused on Ukraine, the group expanded its targets to include NATO countries supporting Ukraine.
Attacks have hit Swedish banks, German institutions, Swiss political events, and even the recent NATO summit in the Netherlands.
Germany: Repeated Waves of Attacks Since Late 2023
Since November 2023, Germany has faced 14 distinct waves of cyberattacks tied to NoName057(16), affecting over 250 organizations.
Europol and Eurojust: The Backbone of Coordination
Europol played a central role, facilitating over 30 meetings and coordinating real-time action via a command centre and virtual post.
The agency offered analytical support, cryptocurrency tracing, and a public awareness campaign warning potential accomplices.
Eurojust handled legal coordination, ensuring swift execution of cross-border legal procedures.
Gamification: Cybercrime Meets Social Media Culture
Investigators discovered that NoName057(16) lured recruits using a combination of propaganda, peer pressure, and game-like rewards.
Many were drawn from gaming and hacking forums, turning political ideology into a competitive cyber sport.
A Warning Shot to Digital Militants Worldwide
With much of NoName057(16)’s infrastructure disabled and key figures under international warrants, Operation Eastwood sends a strong message. Ideologically motivated cyberattacks—however decentralized or gamified—will face coordinated, global responses.
