Under the coordination of Europol, multiple European countries have launched a global joint operation this week against a hacker group related to Russia called “NoName057(16)”. The operation was successful in dismantling the attack infrastructure spanning over a hundred computer systems worldwide and issuing arrest warrants for seven members.
Germany and Spain took the lead in issuing arrest warrants for hackers suspected of launching cyberattacks against critical infrastructure. Germany issued warrants for six individuals, while Spain issued one. The targets of this organization’s attacks include military contractors, energy companies, public institutions, and European governmental bodies supporting Ukraine.
The operation, codenamed “Eastwood,” involved countries such as the United States, Germany, France, Italy, Spain, Sweden, Finland, Lithuania, Poland, the Czech Republic, Switzerland, and the Netherlands. In total, 24 locations associated with the hacker group were searched during the operation, including multiple sites in Berlin and Bavaria, Germany.
It is reported that the group’s command center is located in Russia. German prosecutors and Europol have disclosed the names and photos of five Russian suspects, with one believed to be a core leader of the organization. Currently, these individuals are suspected to still be residing in Russia.
Spanish and French authorities have each detained a suspect. The French prosecutor stated that they have seized the suspect’s communication devices but have not yet brought formal charges.
Investigations reveal that the organization recruited over 4,000 volunteers through the Telegram communication software to carry out Distributed Denial of Service (DDoS) attacks, which paralyzed government and critical infrastructure websites in Western countries. These volunteers not only provided their own systems for attacks but also received specific targets and operational tools, with some receiving encrypted currency as payment.
Europol points out that the organization attracted young supporters to participate in a “gamified” manner, such as establishing leaderboards, issuing badges, fostering a “fighting for Russia” atmosphere, and recruiting a large number of Russian-speaking users. While many members do not have professional technical backgrounds, they were able to execute attacks using readily available tools, with many coming from hacker forums and gaming communities.
In addition to attacks on Ukraine, the group has recently targeted NATO member countries supporting Ukraine with cyberattacks, including attacks on organizations’ websites in Germany, Sweden, and Switzerland. According to Swiss prosecutor data, since June 2023, the organization has been the subject of criminal investigations, with attacks targeting over 200 websites, including the live broadcast of Ukrainian President Zelensky’s speech to the Swiss parliament and the official website of the Eurovision Song Contest.
Although there is currently no direct evidence confirming the connection between this hacker group and the Russian government, prosecutors believe that these attacks are intended to generate public opinion and attempt to influence political and social decision-making in countries like Germany across Europe. European countries are increasingly wary of Russia’s engagement in “hybrid warfare” beyond the conflict in Ukraine, including activities such as cyberattacks, disruptive operations, and terrorist conspiracies.
Furthermore, the organization has built a botnet consisting of hundreds of controlled computers to enhance the scale and efficiency of their attacks.
Europol emphasizes that this operation not only disabled the main servers of NoName057(16) but also issued a clear warning to its supporters: participating in such attacks will result in legal repercussions.