Image Credentials: Image Title: International Crackdown Disrupts Pro-Russian Hacker Group NoName057(16) Source: (sora.chatgpt) Date: June 2025 Attribution: Created by AI-generated imagery (sora.chatgpt), it does not depict a real-world scene.
By Staff Writer | Open Chronicle with Agencies
July 16, 2025 — In a major international cybercrime crackdown, European and U.S. authorities have significantly disrupted the operations of NoName057(16), a pro-Russian hacker group infamous for orchestrating large-scale distributed denial-of-service (DDoS) attacks against Ukraine and its allies.
The joint action, dubbed Operation Eastwood, involved coordinated raids, server seizures, and legal proceedings across several countries. According to a statement released Wednesday by Europol, the operation targeted more than 100 servers allegedly used by NoName057(16) to coordinate and amplify its attacks. A substantial portion of the group’s central infrastructure has now been dismantled.
German Authorities Lead Legal Push
Germany issued six international arrest warrants for Russian nationals, including two believed to be ringleaders of the group. Since late 2023, German authorities have reported 14 waves of DDoS attacks attributed to NoName057(16), impacting over 250 public and private sector organizations.
In total, seven international arrest warrants have been issued, and several suspects have been placed on Europol’s “Most Wanted” list. Meanwhile, law enforcement has reached out to over 1,100 alleged group sympathizers via encrypted messaging platforms, warning them of potential legal consequences.
A Digital Army Fueled by Patriotism and Cryptocurrency
NoName057(16) surfaced shortly after Russia’s full-scale invasion of Ukraine in 2022, gaining notoriety for flooding websites of government institutions, critical infrastructure, and media outlets across Europe with DDoS attacks.
What makes the group particularly difficult to contain is its decentralized structure. Much of the cyber aggression is crowdsourced, with thousands of volunteers, many recruited through pro-Russian social media channels, forums, and chat groups, contributing to the campaigns. Organizers provided tutorials and shared targets while encouraging volunteers to involve friends from gaming or hacking communities.
Volunteers were often incentivized with cryptocurrency payments, public recognition, and digital achievement badges, mirroring the reward systems used in online gaming. Authorities said this approach effectively attracted and retained younger participants, many of whom viewed the activities as a form of digital patriotism.
Previous Arrests and a Wide Attack Footprint
In July 2023, Spanish authorities arrested three alleged members of NoName057 (16) for conducting DDoS attacks on public institutions and key sectors in Spain and other NATO countries.
The group has been linked to cyberattacks in Poland, the Czech Republic, Lithuania, Italy, and Switzerland. Notably, Swiss officials connected NoName057(16) to disruptions during President Zelensky’s 2023 address to the Swiss Parliament and the 2024 Ukraine Peace Summit. Dutch authorities recently implicated the group in a cyberattack during the NATO Summit in The Hague.
While most of the attacks caused limited lasting damage, experts and investigators caution that the group’s botnet infrastructure and fluid volunteer base represent a growing threat. According to Europol, the group utilized a botnet of several hundred servers, drastically increasing the scale of its attacks.
Ongoing Investigations
Europol emphasized that investigations into NoName057(16)’s wider network are still ongoing, including efforts to trace funding, leadership communication channels, and deeper links to state-sponsored cyber operations.
Security analysts say Operation Eastwood marks a turning point in international cyber policing, demonstrating that even loosely coordinated digital militias are not immune to sustained law enforcement efforts.
“The message is clear,” a Europol spokesperson said. “There is no safe haven online for those who weaponize the internet to attack democratic institutions and civilian infrastructure.”
Related posts:
Staff Writers at Open Chronicle produce in-depth, field-informed reporting on defense, diplomacy, cultural transformation, and global affairs. Known for clarity, accuracy, and analytical depth, they connect breaking developments to broader historical and strategic contexts. In addition to frontline journalism, Staff Writers also contribute to the Open Chronicle Encyclopedia, crafting authoritative entries that preserve critical knowledge and enrich public understanding.