July 2025 – A coordinated international law enforcement operation has disrupted the infrastructure of a pro-Russian cybercrime group responsible for a string of Distributed Denial-of-Service (DDoS) attacks targeting Ukraine and its global allies, according to Europol.

Codenamed Operation Eastwood, the crackdown targeted the NoName057(16) group, which has been active across Europe and North America. Authorities say the group was behind recent cyberattacks on NATO-related events, municipal websites, and even high-profile public broadcasts such as Eurovision 2025 in Basel, Switzerland.

Key Facts from the Operation

• Over 100 computer systems used in the group’s DDoS infrastructure were taken offline across multiple countries.
• The group’s central command infrastructure has been significantly disrupted.
• Law enforcement actions were conducted across 13 countries, including the United States, France, Germany, Sweden, Switzerland, Italy, and the Netherlands.
• Six arrest warrants were issued in Germany for suspects located in Russia—two of whom are believed to be the group’s ringleaders.
• Individuals were also arrested in France and Spain, and the FBI was involved in actions taken in the United States.

Targeted Attacks Across Europe

The Dutch government first identified NoName057(16) as the group behind recent cyberattacks aimed at municipalities and organisations associated with a NATO summit held in the Netherlands. Since then, the group has been linked to attacks in Sweden, Germany, and Switzerland, including attempts to disrupt:

• A video address by Ukrainian President Volodymyr Zelenskyy to the Swiss Parliament
• The Eurovision Song Contest 2025
• Over 200 Swiss websites

Swiss authorities have been investigating the group since mid-2023 and played a central role in uncovering its leadership structure.

From Ukraine to NATO Allies

According to Europol, NoName057(16) initially focused on Ukrainian institutions, but their targets shifted to countries supporting Ukraine in response to Russia’s ongoing invasion. These include several NATO member states.

The group’s tactics are simple but effective: they rely on automated DDoS tools to overwhelm web servers, making them temporarily inaccessible. These attacks are often coordinated in large numbers and aimed at symbolic or high-profile targets to generate disruption and headlines.

A Decentralised and Ideologically Driven Network

Europol’s investigation highlights that NoName057(16) does not operate like a traditional cybercrime syndicate. Instead:

• Members are Russian-speaking sympathizers motivated by political ideology.
• The group lacks formal leadership or advanced technical expertise.
• Participants are recruited online and rewarded through gamified incentives such as leaderboards and badges.
• Many participants, including younger individuals, are paid in cryptocurrency to conduct attacks using simple automated tools.

This combination of ideological motivation and gamified engagement has made it easier for the group to recruit and mobilize supporters quickly and on a global scale.

Warning to Supporters

Authorities across participating countries have also begun contacting individuals linked to the group, warning them of their potential legal liability and involvement. This is part of a broader effort to deter future participation in ideologically motivated cyberattacks.

What This Means for Businesses

Operation Eastwood is a timely reminder that cyberattacks—particularly DDoS campaigns—can be launched with minimal technical effort but cause widespread disruption. As ideologically motivated groups become more active, any organisation perceived to align with political or military alliances may become a target.

At CSB, we continue to monitor these developments to keep our clients informed and protected. If your organisation relies on internet-facing infrastructure—such as websites, online services, or cloud systems—it’s critical to ensure you have adequate DDoS protection and incident response protocols in place.

How CSB Can Help

• Assess your current DDoS resilience
• Implement managed firewall and cloud-based mitigation services
• Develop incident response plans tailored to your risk profile
• Provide staff awareness training on emerging cyber threats

Staying ahead of politically motivated cyber threats requires a combination of awareness, planning, and strong security infrastructure. If you have questions or would like to assess your organisation’s exposure, contact CSB today.