European law enforcement agencies have dismantled a major pro-Russian cybercrime group known as NoName057(16), arresting two members, issuing multiple international warrants, and disrupting the group’s core digital infrastructure, Europol announced Wednesday.
The group, accused of orchestrating a wave of cyberattacks against Ukraine and nations supporting Kyiv in its defense against Russia’s invasion, was targeted in a coordinated three-day operation involving police forces across Europe and the United States. According to Europol, NoName057(16) operated as a loosely organized network of Russian-speaking sympathizers who carried out distributed denial-of-service (DDoS) attacks using automated tools.
Authorities confirmed the arrest of one suspect in France and another in Spain. Additionally, Germany issued six arrest warrants for suspects believed to be residing in Russia, and another warrant was issued elsewhere in Europe.
“NoName057(16) has been active since the start of the war in Ukraine and has carried out numerous cyberattacks during major political events across Europe,” the European Union Agency for Criminal Justice Cooperation (Eurojust) said in a statement. The group is believed to have operated under the banner of support for the Russian Federation and leveraged online forums, pro-Russian channels, and obscure social media chat groups to recruit thousands of volunteers.
The crackdown, codenamed Operation Eastwood, was coordinated by Europol and Eurojust, with support from law enforcement agencies in the United States, Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, and the Netherlands. The FBI was among the U.S. agencies involved.
Investigators estimated that NoName057(16) had mobilized roughly 4,000 users to take part in its cyber operations. As part of the operation, authorities sent warnings to around 1,000 suspected supporters, informing them of their potential legal liability.
The takedown involved searches of over two dozen properties across Europe and the seizure or shutdown of more than 100 servers linked to the group. Officials said they had neutralized “a major part” of the group’s infrastructure.
The group has been tied to high-profile cyberattacks on banks and government institutions in Sweden, as well as coordinated strikes on nearly 230 targets in Germany—including arms manufacturers, energy providers, and public sector entities, according to Eurojust.
In Switzerland, NoName057(16) was linked to attacks in June 2023 during a Ukrainian video address to the Joint Parliament, and again in June 2024 during the Ukraine Peace Summit at Bürgenstock.
Authorities say investigations are ongoing and further actions are expected as international efforts continue to counter politically motivated cyber threats across Europe.
