Europol Takes Down NoName057(16)’s Global Network of Over 100 Servers

Operation Eastwood, coordinated by Europol and Eurojust, successfully dismantled the hacktivist collective’s global infrastructure consisting of over 100 servers worldwide.

The joint action involved authorities from 12 core countries including Germany, France, Spain, the Netherlands, United States, and others, with additional support from eight nations.

The takedown yielded significant enforcement outcomes: two arrests in France and Spain, seven international arrest warrants (six issued by Germany), and 24 house searches across multiple jurisdictions.

German authorities specifically targeted six Russian nationals believed to be the main instigators, with two identified as primary leaders of the criminal network.

Most significantly, law enforcement disrupted over 100 servers globally and took the major portion of NoName057(16)’s central infrastructure offline.

Over 1,000 supporters received legal liability notifications via messaging applications, with 15 administrators specifically identified.

The NoName057(16) Threat

NoName057(16) emerged as an ideologically-motivated cybercrime network supporting Russian interests through distributed denial-of-service (DDoS) attacks.

The group primarily targeted Ukraine initially but expanded operations against NATO countries supporting Ukraine’s defense against Russian aggression.

The network operated through sophisticated gamification tactics, using cryptocurrency payments and leaderboard systems to motivate over 4,000 supporters.

Volunteers, primarily Russian-speaking sympathizers, used automated DDoS tools without requiring advanced technical skills. The group leveraged social media platforms and messaging apps for recruitment and coordination.

National authorities documented numerous high-profile attacks linked to NoName057(16). In 2023-2024, the network targeted Swedish government and banking websites.

Germany experienced 14 separate attack waves against more than 250 companies and institutions since investigations began in November 2023.

Switzerland faced multiple attacks during the Ukrainian Peace Summit at Bürgenstock in June 2024, while the Netherlands confirmed attacks during the recent NATO summit.

Despite the scale of these operations, authorities successfully mitigated most attacks without substantial service interruptions.

Europol facilitated extensive coordination through over 30 meetings and two operational sprints, while providing analytical support, cryptocurrency tracing, and forensic expertise.

The agency’s Joint Cybercrime Action Taskforce (J-CAT) supported the operation with cyber liaison officers from multiple countries.

Eurojust coordinated judicial activities and executed multiple European Investigation Orders during the action day. Private sector partners including ShadowServer and abuse.ch provided crucial technical assistance.

The operation represents a significant milestone in international cybercrime enforcement, demonstrating effective coordination against ideologically-motivated cyber threats that exploit geopolitical tensions for criminal purposes.

Get Free Ultimate SOC Requirements Checklist Before you build, buy, or switch your SOC for 2025 - Download Now