19 July 2025

Europol Dismantles Pro-Russian Cybercrime Network Eastwood

A coordinated international operation disrupted NoName057(16), arresting members, issuing warrants, and crippling their DDoS infrastructure targeting Ukraine and European allies

In a sweeping multinational crackdown, European law enforcement agencies have successfully dismantled the pro-Russian cybercrime network NoName057(16), a group notorious for orchestrating disruptive distributed denial-of-service (DDoS) attacks targeting Ukraine and its allies. The coordinated operation, dubbed "Eastwood," unfolded between July 14 and 17, 2025, involving authorities from across Europe and North America, including the FBI, Europol, Eurojust, and cybersecurity experts.

NoName057(16) operated as a loosely organized but ideologically driven collective of Russian-speaking sympathizers, mobilizing over 4,000 volunteers to launch cyberattacks against critical infrastructure, government institutions, banks, energy providers, defense contractors, and NATO events. Their attacks, often timed to coincide with high-profile political occasions, sought to disrupt and intimidate countries supporting Kyiv in its defense against Russia's invasion.

Europol described the group as recruiting participants through pro-Russian channels, forums, and niche chat groups on social media and messaging platforms. Volunteers, who ranged from teenagers to opportunists, were enticed by a blend of political ideology and cryptocurrency rewards. Using a platform called "DDoSia," the group simplified technical barriers, allowing even novices to participate in attacks, which were gamified with leaderboards, badges, and status symbols to encourage engagement.

Despite the group's rudimentary tactics, their custom-built botnet comprising hundreds of servers significantly amplified their attack capabilities. Between late 2023 and mid-2024, NoName057(16) launched 14 waves of cyberattacks against over 250 German organizations, including arms factories, power suppliers, and government bodies. They also targeted Swedish banks and authorities, and in Switzerland, coordinated attacks coincided with symbolic events such as the Ukrainian president's video address to Parliament in 2023 and the 2024 Peace Summit at Bürgenstock. Most recently, the group was implicated in cyberattacks during the 2025 NATO summit in the Netherlands. Authorities reported that while these attacks caused disruption, they were ultimately mitigated with minimal impact.

The operation resulted in two arrests—one in France and another in Spain—and seven arrest warrants, six of which were issued by Germany targeting suspects believed to reside in Russia. German authorities identified two individuals as principal orchestrators of the network's activities. In total, seven suspects are now internationally wanted, with five profiles published on the EU's Most Wanted list. Law enforcement officers conducted 24 house searches across Czechia, France, Germany, Italy, Spain, and Poland, and questioned 13 individuals in connection with the case.

More than 1,000 suspected supporters, including 15 identified administrators, received legal warnings via messaging applications, informing them of their criminal liability and the ongoing investigations. Investigators also disrupted over 100 servers used by the group, effectively dismantling a major portion of their operational infrastructure and crippling their ability to coordinate future attacks.

Behind the scenes, Europol played a pivotal role by coordinating over 30 meetings and operational sprints, providing forensic expertise and cryptocurrency tracing, and running prevention campaigns targeting suspected members. Eurojust facilitated cross-border legal actions, fast-tracking Mutual Legal Assistance requests and European Investigation Orders. During the takedown, representatives from key countries operated from Europol's headquarters, linked via a virtual command post to counterparts across participating nations.

Further investigations revealed that NoName057(16) is closely linked to the Kremlin-backed Center for Youth Studies and Network Monitoring (CYSNM), an IT structure established under President Vladimir Putin's orders and funded with over 2 billion rubles from Russia's state budget. The group’s alleged leaders include Mikhail Burlakov, a cybersecurity associate professor with ties to Rosneft and the Moscow Institute of Physics and Technology, and Maxim Lupin, a former employee of "Combat Brotherhood" and Kremlin-affiliated IT firms. Other notable members include Evstratova, a young graduate involved in hackathons; Abrosimov, a mechanic implicated in numerous cyber sabotage incidents; and Muravyov, a pro-war artist responsible for creating hacker logos and propaganda materials.

Operating under the guise of combating "youth destructiveness," the group coordinated their cyberattacks while maintaining a veneer of legitimacy. Their decentralized structure lacked a clear hierarchy, functioning more as a sprawling network of volunteers than as a tightly controlled organization. This model made them resilient but also vulnerable to coordinated law enforcement efforts.

Cybersecurity experts warn that despite this significant blow, NoName057(16) is unlikely to cease operations entirely. Rafa López, a security engineer at Check Point, noted that the group continues to operate through encrypted channels like Telegram and Discord and is shifting toward more sophisticated cybercrimes, including system intrusions and data exfiltration. López emphasized the importance of multi-layered security strategies, including robust DDoS protection, intrusion detection systems, and employee education to defend against evolving threats.

This crackdown fits into a broader pattern of intensified international efforts to combat cybercrime. Earlier in 2025, Europol arrested 17 suspects linked to a criminal banking network involved in laundering millions through cryptocurrencies. German-led operations have dismantled major cybercrime forums, and joint US-German efforts shut down Russia-linked darknet marketplaces. These actions reflect growing recognition of cyber threats' geopolitical and economic impacts.

The NoName057(16) takedown highlights the challenges of combating ideologically motivated cybercrime groups that blend political agendas with criminal activity. By disrupting their infrastructure and prosecuting key actors, authorities have dealt a significant setback to pro-Russian cyber operations targeting Europe and its allies. However, the evolving nature of cyber threats demands continued vigilance and international cooperation to safeguard digital security.