Europol leads global takedown of pro-Russian hacktivist group NoName057(16)
Cops smash Moscow-linked group blamed for a number of DDoS attacks and believed to wield a huge botnet.
Europol has launched an international sting against a pro-Russian cybercrime network called NoName057(16).
Cops in a dozen countries around the world simultaneously swooped on suspects and infrastructure linked to the shadowy hacktivists, who have been linked to a number of incidents.
In 2023 and 2024, the criminal network is alleged to have taken part in attacks against Swedish authorities and bank websites. Since investigations started in November 2023, Germany has also experienced 14 waves of attacks targeting more than 250 companies and institutions.
Switzerland suffered multiple attacks in June 2023 as Ukrainian officials delivered a video-message to the Joint Parliament and also in June 2024 during the Peace Summit for Ukraine at Bürgenstock.
The Dutch authorities recently confirmed that an attack linked to this network was carried out during the latest NATO summit in the Netherlands.
"These attacks have all been mitigated without any substantial interruptions," Eurpol claimed.
Do you feel lucky, punk?
Authorities in Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands and the United States took part in a joint international operation called Eastwood on 14 and 17 July (hence the Clint Eastwood video shared above).
These actions led to the disruption of an attack infrastructure made up of more than one hundred computer systems worldwide, leading to a "major part of the group's central server infrastructure" being taken offline.
Germany also issued six arrest warrants for offenders living in the Russian Federation - who we're sure are probably not quaking in their boots at the thought of German cops being ineffectively miffed on the other side of the rebuilt Iron Curtain.
Two of these persons are accused of being the "main instigators responsible for the activities of NoName057(16)".
In total, national authorities have now issued seven arrest warrants against six Russian nationals for their involvement in the gang's activities. All of the suspects are listed as internationally wanted and five profiles were also published on the EU Most Wanted website.
Additionally, law enforcement has reached out to several hundred individuals who are believed to be supporters of the cybercrime network.
"The messages, shared via a popular messaging application, inform the recipient of the official measures highlighting the criminal liability they bear for their actions pursuant to national legislations," Europol wrote.
"Individuals acting for NoName057(16) are mainly Russian-speaking sympathisers who use automated tools to carry out distributed denial-of-service (DDoS) attacks. Operating without formal leadership or sophisticated technical skills, they are motivated by ideology and rewards."
The operation resulted in:
- 2 arrests (1 preliminary arrest in France and 1 in Spain)
- 7 arrest warrants issued (6 by Germany, and 1 by Spain)
- 13 individuals questioned (2 in Germany, 1 in France, 4 in Italy, 1 in Poland, 5 in Spain)
- Over 1,000 supporters, including 15 administrators, were told of their potential legal liability via a messaging app (which we're presuming is Telegram).
- Over 100 servers disrupted worldwide
- Major part of NoName057(16) main infrastructure taken offline
24 house searches (2 in Czechia, 1 in France, 3 in Germany, 5 in Italy, 12 in Spain, 1 in Poland)
Investigating NoName057(16)
This rather clumsily named group is believed to be an "ideological criminal network" supports Russia and has been blamed to a number of DDoS attacks linked to the war in Ukraine.
It is believed to have a 4000-strong network of supporters and wield a bonnet made up of several hundred servers.
Explaining its tactics, Europol wrote: "To share calls to action, tutorials, updates, and to recruit volunteers, the group leveraged pro-Russian channels, forums, and even niche chat groups on social media and messaging apps.
"Volunteers often invited friends or contacts from gaming or hacking forums, forming small recruitment circles. These actors used platforms like DDoSia to simplify technical processes and provide guidelines, enabling new recruits to become operational quickly.
"Participants were also paid in cryptocurrency, which incentivised sustained involvement and attracted opportunists.
"Mimicking game-like dynamics, regular shout-outs, leader boards, or badges provided volunteers with a sense of status. This gamified manipulation, often targeted at younger offenders, was emotionally reinforced by a narrative of defending Russia or avenging political events."
