In a major blow against politically motivated cybercrime, Europol has dismantled the pro-Russian hacktivist group Noname057(16), an organization known for launching aggressive DDoS (Distributed Denial-of-Service) attacks against targets across Europe, as well as Israel and Ukraine. This international operation, dubbed “Operation Eastwood,” took place on July 15, 2025, and focused on both the group’s technological infrastructure and the individuals behind it.
Coordinated by Europol and Eurojust, the operation was supported by 12 countries, showcasing a strong display of international cooperation in the face of increasingly organized digital threats.
Who exactly were Noname057(16), and why were they considered such a serious threat?
This group emerged in March 2022, shortly after the outbreak of the war in Ukraine. Since then, they have gained notoriety for disrupting essential services through orchestrated DDoS attacks carried out via Telegram and their own software called “DDoSia.” This program enabled volunteers from around the world to join the attacks from their own devices, turning hacktivism into a kind of distributed digital crusade.
Operation Eastwood aims not only to halt their current activities but also to send a clear message: geopolitically motivated hacktivism will not be tolerated and will not go unanswered.
Since its emergence, Noname057(16) and its sympathizers have continually launched DDoS attacks against companies and key infrastructure in various European countries that have expressed support for Ukraine. Their high-profile targets have included NATO-related sites, government agencies, banks, energy companies, media outlets, transportation providers, and even defense firms.
According to Europol, these digital offensives were not merely symbolic; they disrupted critical services in countries such as Germany, Poland, Lithuania, Latvia, Estonia, Sweden, the Netherlands, and many others. In short, these were coordinated attacks that had a real impact on the digital infrastructure of an entire region.
NoName057(16) announcing an attack on Telegram (Source: BleepingComputer)
Coordinated Attacks Across Europe and the Final Blow to Noname057(16)
According to a statement from Eurojust, Noname057(16) had been particularly active in Germany, where they carried out 14 attacks—some lasting several days and affecting around 230 organizations. Their targets were far from minor: weapons manufacturers, energy providers, and government agencies.
And they didn’t stop there. During the European elections, the group also launched attacks in several countries. In Sweden, for instance, government systems and banks were among their targets. In Switzerland, the situation escalated with multiple attacks timed to coincide with politically sensitive events, such as the Ukrainian president’s video address to Parliament in June 2023, and later the Ukraine Peace Summit in June 2024.
More recently, in June 2025, the Netherlands was also targeted during the NATO summit—part of what appears to be a clear strategy to disrupt key diplomatic events.
In response, on July 15, authorities conducted raids in Germany, Latvia, Spain, Italy, the Czech Republic, Poland, and France. This joint operation led to the takedown or disruption of more than 100 servers connected to the group’s technical infrastructure.
There were also arrests: one preliminary arrest in France and another in Spain. Additionally, seven European arrest warrants were issued—six by Germany and one by Spain. As part of the operation, authorities even sent direct Telegram messages to over 1,100 participants and 17 group administrators, warning them they could face criminal charges for their involvement in the attacks.
While the investigation is ongoing, one crucial detail stands out: six of the arrest warrants issued by Germany target individuals believed to be in Russia—two of whom are suspected to be the main leaders of Noname057(16).
Results of Operation Eastwood (Source: Europol)
Operation Eastwood was no ordinary effort—it involved law enforcement agencies from 13 countries, including Germany, the Czech Republic, the United States, Estonia, Finland, France, Latvia, Lithuania, the Netherlands, Poland, Sweden, and Switzerland. This international alliance sent a clear message: politically motivated cybercrime will not be ignored.
According to authorities, the operation represents a significant blow to Noname057(16). However, they also caution that the impact may be temporary, as the group’s most influential members are likely still sheltered in Russia, beyond the reach of most European jurisdictions.
In fact, there are signs that the group (or what remains of it) continues to be active. As of today, the actors behind Noname057(16) are still announcing new attacks and security breaches, particularly targeting German companies. While their infrastructure has been hit, it’s clear that the threat has not entirely disappeared.