Police Shut Down 100 Servers Tied to Russian NoName057(16), Arrest 2

In a coordinated operation this week, law enforcement from a dozen countries gathered together in an attempt to dismantle the infrastructure of the pro-Russian hacking group known as NoName057(16). The operation, named Eastwood, was led by Europol and Eurojust and included action across Europe and North America.

NoName057(16) has been known for flooding websites with traffic in politically motivated distributed denial-of-service (DDoS) attacks. Their usual targets have ranged from Ukrainian government platforms to critical websites in NATO countries that support Ukraine.

While many of their attackers were disruptive, they rarely caused long-lasting damage due to quick mitigation from targeted organisations. What’s noteworthy is that this group didn’t rely on elite hackers with advanced techniques. Instead, its strength came from numbers. Investigators found more than 4,000 people involved, many of them Russian-speaking with limited technical skills.

The group relied heavily on automation tools and “gamified tactics” to recruit and motivate followers. Some were lured in with cryptocurrency payments and leaderboard-style shoutouts that turned cyberattacks into a form of competitive sport.

According to Europol’s press release, during the joint operation between 14 and 17 July, over 100 servers connected to the group’s operations were taken offline. Authorities also carried out 24 house searches in seven countries, questioned 13 individuals, and made two arrests in France and Spain.

Germany, which has been a major target of the group’s activity, issued six arrest warrants. These include two people accused of being central figures in NoName057(16)’s operations. Seven arrest warrants have been issued in total, all linked to Russian nationals who are now internationally wanted.

Since its emergence, NoName057(16) also targeted countries that backed Ukraine with military or diplomatic support. In Germany alone, 14 waves of DDoS attacks since late 2023 have hit more than 250 organisations. Similar attempts were reported during major political events in Switzerland and the Netherlands, including the NATO summit and the 2024 Ukraine Peace Summit.

The investigators also took a different route to put pressure on low-level participants. More than 1,000 supporters of the network received official warnings via messaging apps, with 15 of them flagged as administrators. The messages reminded them of their individual legal liability under national laws.

Authorities have also pointed out that NoName057(16) doesn’t need a traditional chain of command to keep going. Instead, they used a mix of messaging apps, social media, and online forums to spread attack guides, updates, and propaganda. These channels also recruited individuals, often coming from gaming or low-level hacking communities.

Although Operation Eastwood has disrupted NoName057(16)’s infrastructure, it doesn’t mean the group is finished. Russian-based groups have a track record of rebranding or regrouping and continuing their attacks.