The Sofia Globe

Bulgaria’s independent English-language news and features website.

Europe 

Global operation targets pro-Russian cybercrime network NoName057(16)

The Sofia Globe staff ,

A joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted pro-Russian cybercrime network NoName057(16), Europol said in a media statement on July 16.

Law enforcement and judicial authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands and the United States took simultaneous actions against offenders and infrastructure belonging to the pro-Russian cybercrime network.

The investigation was also supported by ENISA, as well as Belgium, Canada, Estonia, Denmark, Latvia, Romania and Ukraine. The private parties ShadowServer and abuse.ch also assisted in the technical part of the operation.

The actions led to the disruption of an attack-infrastructure consisting of more than 100 computer systems worldwide, while a major part of the group’s central server infrastructure was taken offline.

Germany issued six warrants for the arrest of offenders living in the Russian Federation. Two of these persons are accused of being the main instigators responsible for the activities of “NoName057(16)”.

In total, national authorities have issued seven arrest warrants, which are directed, inter alia, against six Russian nationals for their involvement in the NoName057(16) criminal activities.

All of the suspects are listed as internationally wanted, and in some cases, their identities are published in media.

Five profiles were also published on the EU Most Wanted website.

National authorities have reached out to several hundred of individuals believed to be supporters of the cybercrime network, Europol said.

The messages, shared via a popular messaging application, inform the recipient of the official measures highlighting the criminal liability they bear for their actions pursuant to national legislations.

“Individuals acting for NoName057(16) are mainly Russian-speaking sympathisers who use automated tools to carry out distributed denial-of-service (DDoS) attacks,” Europol said.

“Operating without formal leadership or sophisticated technical skills, they are motivated by ideology and rewards,” the European police co-operation agency said.

Offenders associated to the NoName057(16) cybercrime network targeted primarily Ukraine, but have shifted their focus to attacking countries that support Ukraine in the ongoing defence against the Russian war of aggression, many of which are members of Nato, the statement said.

National authorities have reported a number of cyberattacks linked to NoName057(16) criminal activities.

In 2023 and 2024, the criminal network has taken part in attacks against Swedish authorities and bank websites.

Since investigations started in November 2023, Germany saw 14 separate waves of attacks targeting more than 250 companies and institutions.

In Switzerland, multiple attacks were also carried out in June 2023, during a Ukrainian video-message addressed to the Joint Parliament, and in June 2024, during the Peace Summit for Ukraine at Bürgenstock.

Most recently, the Dutch authorities confirmed that an attack linked to this network had been carried out during the latest Nato summit in the Netherlands. These attacks have all been mitigated without any substantial interruptions.

Investigations by national authorities identified NoName057(16) as an ideological criminal network that has been seen to profess support to the Russian Federation and, in the context of the Russian war of aggression against Ukraine, has been linked to numerous DDoS cyberattacks.

During such attacks, a website or online service is flooded with traffic with the objective of overloading it and rendering it unavailable. In addition to the activities of the network, estimated at over 4000 supporters, the group was also able to construct their own botnet made up of several hundred servers, used to increase the attack load.

To share calls to action, tutorials, updates, and to recruit volunteers, the group leveraged pro-Russian channels, forums, and even niche chat groups on social media and messaging apps.

Volunteers often invited friends or contacts from gaming or hacking forums, forming small recruitment circles. These actors used platforms like DDoSia to simplify technical processes and provide guidelines, enabling new recruits to become operational quickly.

Participants were also paid in cryptocurrency, which incentivised sustained involvement and attracted opportunists.

“Mimicking game-like dynamics, regular shout-outs, leader boards, or badges provided volunteers with a sense of status. This gamified manipulation, often targeted at younger offenders, was emotionally reinforced by a narrative of defending Russia or avenging political events,” Europol said.

(Archive photo: flickr.com/ Victor-Semionov)

The Sofia Globe staff

The Sofia Globe - the Sofia-based fully independent English-language news and features website, covering Bulgaria, the Balkans and the EU. Sign up to subscribe to sofiaglobe.com's daily bulletin through the form on our homepage. https://www.patreon.com/user?u=32709292

You May Also Like

Europol launches European Migrant Smuggling Centre

The Sofia Globe staff

Frontex reports about 350 000 migrants entered the EU so far in 2016

Deutsche Welle

Across Europe, terror raids follow Paris attacks

Selah Hennessy of VOANews