In a major win for cybersecurity defenders across Europe, Europol and Eurojust have successfully coordinated an international operation—Operation Eastwood—to disrupt the infrastructure and operations of the pro-Russian hacktivist group NoName057(16). This group has been responsible for hundreds of DDoS attacks targeting critical infrastructure and institutions since the beginning of the war in Ukraine.
The Background: Weaponised Hacktivism
Launched in early 2022, NoName057(16) has weaponised distributed denial-of-service (DDoS) attacks as a form of geopolitical cyber-propaganda. Their attacks have consistently aligned with Russian political interests, targeting European countries supporting Ukraine, as well as Israel and Ukraine itself.
Their operations are largely crowdsourced via Telegram and the DDoSia software project, which enables volunteers to join attacks using their own devices. Victims have ranged from government ministries and media outlets to banks, power companies, and even NATO-affiliated organisations.
Operation Eastwood: A Coordinated Strike
On July 15, 2025, law enforcement agencies across 13 countries, including Germany, France, Finland and the US, executed a coordinated takedown of the group’s infrastructure. The operation resulted in:
- 100+ servers seized or taken offline
- Searches across 7 countries, including Spain, Italy, and Poland
- 2 arrests and 7 European arrest warrants issued
- 1,100 Telegram users and 17 admins warned of criminal liability
While most of the group’s core leadership is believed to reside in Russia, this disruption sends a strong message that DDoS attacks—even under the banner of hacktivism—carry consequences.
Why This Matters for Defenders
NoName057(16)’s campaign is a stark reminder of how geopolitical tensions now play out in cyberspace. Their strategy relies on amateur participation, decentralised tools, and speed—making them a difficult adversary to contain.
This development also emphasises the importance of international collaboration in cybercrime enforcement. At FastNetMon, we welcome this joint action and see it as an opportunity for security teams to take stock of their DDoS defense readiness.
Is NoName057(16) now completely defeated?
Despite this victory, NoName057(16) has already resumed activities, continuing to claim new DDoS attacks as of today. While unfortunately, this is not the end of the story, it is an important milestone and a reminder for defenders: As cyber threats become more politically charged and globally distributed, having reliable DDoS detection and response capabilities is your best defence.
About FastNetMon
FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats.
For more information, visit https://fastnetmon.com