Skip to main content
Global operation targets NoName057(16) pro-Russian cybercrime network 
[featured_image_copyright]
July 23, 2025

Global operation targets NoName057(16) pro-Russian cybercrime network 

[post_audio_speech]

Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by the European Union agencies Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and judicial authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands and the United States took simultaneous actions against offenders and infrastructure belonging to the pro-Russian cybercrime network. The investigation was also supported by ENISA, as well as Belgium, Canada, Estonia, Denmark, Latvia, Romania and Ukraine.

Offenders associated to the NoName057(16) cybercrime network targeted primarily Ukraine, but have shifted their focus to attacking countries that support Ukraine in the ongoing defence against the Russian war of aggression, many of which are members of NATO. 

National authorities have reported a number of cyberattacks linked to NoName057(16) criminal activities. In 2023 and 2024, the criminal network took part in attacks against Swedish authorities and bank websites. Since investigations started in November 2023, Germany saw 14 separate waves of attacks targeting more than 250 companies and institutions.

The actions led to the disruption of an attack-infrastructure consisting of over one hundred computer systems worldwide, while a major part of the group’s central server infrastructure was taken offline. Germany issued six warrants for the arrest of offenders living in the Russian Federation. Two of these persons are accused of being the main instigators responsible for the activities of “NoName057(16)”. In total, national authorities have issued seven arrest warrants, which are directed, inter alia, against six Russian nationals for their involvement in the NoName057(16) criminal activities. All of the suspects are listed as internationally wanted, and in some cases, their identities are published in the media. Five profiles were also published on the EU Most Wanted website.

National authorities have reached out to several hundred individuals believed to be supporters of the cybercrime network. The messages, shared via a popular messaging application, inform the recipient of the official measures highlighting the criminal liability they bear for their actions pursuant to national legislations. Individuals acting for NoName057(16) are mainly Russian-speaking sympathisers who use automated tools to carry out distributed denial-of-service (DDoS) attacks. Operating without formal leadership or sophisticated technical skills, they are motivated by ideology and rewards.

Find out more

Press release

MOST READ

[popular_posts columns_xl=”4″ columns_l=”4″ columns_m=”3″]

[related_news]
[yea_euprojectshortlist]

SEE ALSO

[posts_by_post_tax]

More campaign pages:

Interested in the latest news and opportunities?

Sign up

This website is managed by the EU-funded Regional Communication Programme for the Eastern Neighbourhood ('EU NEIGHBOURS east’), which complements and supports the communication of the Delegations of the European Union in the Eastern partner countries, and works under the guidance of the European Commission’s Directorate-General for Enlargement and Eastern Neighbourhood, and the European External Action Service. EU NEIGHBOURS east is implemented by a GOPA PACE-led consortium..

The information on this site is subject to a Disclaimer and Protection of personal data. © European Union,