Operation Eastwood dismantles DDoS infrastructure
Europol has announced the successful disruption of pro-Russian cyber gang NoName057(16), in a multinational crackdown dubbed Operation Eastwood.
The joint law enforcement operation involved coordinated actions across 12 countries including France, Spain, Sweden, Poland and Germany, with support from Eurojust and technical assistance from cybersecurity non-profits ShadowServer and Abuse.ch.
Two suspects were arrested, seven arrest warrants issued, 24 properties were searched and 100 servers – used by the group to launch DDoS attacks across Europe – were taken down.
Additionally, over 1,000 individuals linked to the network’s activities were notified of their legal liability, as authorities ramp up pressure on NoName’s online support base.
Europol said the gang operated as a loosely organised but ideologically motivated collective of Russian-speaking sympathisers. They use automated tools to attack critical infrastructure, financial institutions, energy providers, defence contractors and government websites.
Ukraine was the group’s primary target, but it had also expanded its focus to NATO allies, prompting heightened international concern.
Germany has issued six arrest warrants for suspects residing in the Russian Federation, two of whom are believed to be the principal orchestrators of NoName057(16)’s operations.
A total of seven suspects are now internationally wanted, and five profiles have been published on the EU Most Wanted list.
Investigations revealed that more than 4,000 individuals were actively involved in NoName057(16)’s DDoS campaigns, making them one of the largest ideologically motivated cybercrime collectives in Europe.
Recent high-profile attacks attributed to the group include:
- 14 coordinated DDoS waves against over 250 German organisations since November 2023
- Attacks on Swedish authorities and banks in 2023-2024
- Multiple attacks in Switzerland, including during the 2023 Ukrainian President’s video address to Parliament and the 2024 Peace Summit at Bürgenstock
- A confirmed cyberattack timed with the latest NATO summit in the Netherlands
All these incidents were successfully mitigated with minimal disruption.
Despite their rudimentary methods, the group managed to build a custom botnet of several hundred servers, dramatically increasing their attack capabilities.
“To share calls to action, tutorials, updates, and to recruit volunteers, the group leveraged pro-Russian channels, forums, and even niche chat groups on social media and messaging apps,” Europol said.
“Volunteers often invited friends or contacts from gaming or hacking forums, forming small recruitment circles. These actors used platforms like DDoSia to simplify technical processes and provide guidelines, enabling new recruits to become operational quickly. “
National authorities have sent targeted legal warnings via a popular messaging application to hundreds of suspected supporters, reminding them of criminal liability under their national laws.
The operation reflects a broader trend in international enforcement efforts.
Earlier in 2025, Europol arrested 17 suspects and seized millions of euros from a criminal banking network that facilitated money laundering through cryptocurrency and underground financial systems.
In January, a German-led operation shut down two of the world’s largest cybercrime forums, Cracked and Nulled.
Last year, the FBI and law enforcement agencies from several countries successfully seized the website and Telegram channel of BreachForums, a well-known online marketplace for stolen data and hacking tools.
In 2024, Russia-linked darknet marketplace Hydra was shut down in a joint operation carried out by the US and German authorities.
Click Here For The Original Source.
