Russian pro-hacker collective's internet infrastructure disabled worldwide - Global server network disabled by pro-Russian cyber intruders
In a significant breakthrough, a pro-Russian hacker group known as NoName057(16) has been disrupted following a coordinated international operation codenamed Eastwood. The operation, led by Europol and German judicial authorities, involved 12 countries including Germany, France, Spain, Netherlands, and the United States.
The operation, announced in Berlin, has successfully disrupted the group's cybercrime infrastructure, taking offline the majority of their central servers and over 100 computer systems worldwide linked to their attacks. As a result, two suspects were arrested (one in France and one in Spain), while seven international arrest warrants were issued, six by Germany.
The hacker group, notorious for DDoS attacks on critical infrastructure and government sites across Europe, particularly targeting NATO allies supporting Ukraine, has been significantly disrupted but possibly not fully dismantled. Recruited supporters were offered the download of a special software to participate in DDoS attacks using their own resources.
Germany has been targeted by 14 such waves of DDoS attacks, affecting approximately 250 companies and institutions, including arms manufacturers, power suppliers, transport companies, public institutions, and authorities. The pro-Russian hacker group launched numerous DDoS attacks since November 2023, with the main goal of gaining media attention and influencing political or societal decisions.
The BKA (Federal Criminal Police Office) in Wiesbaden and the CSUE (Central Office for Combating Cybercrime) in Leipzig are still investigating the group. Two of the individuals are identified as the main perpetrators of the DDoS attacks, with six against whom arrest warrants were issued being Russian citizens or residents of Russia.
The group set up its own botnet consisting of several hundred servers. Similar attacks were also carried out against infrastructures of other states, such as during the European elections and the NATO summit in the Netherlands. Around 4,000 supporters have been recruited via the messaging service Telegram since the Russian invasion of Ukraine.
More than a thousand suspected supporters of the group were informed via Telegram that such actions are punishable under German law. In his remarks, Federal Minister of Transport and Digital Infrastructure Andreas Scheuer described the operation as a "successful strike against a hacker network" that had carried out multiple cyberattacks in Germany. The operation marks a major breakthrough in combating pro-Russian cyber aggression targeting European countries supporting Ukraine.
- The coordinated international operation Eastwood, led by Europol and German judicial authorities, focused primarily on the employment policy of disrupting the cybercrime infrastructure of the pro-Russian hacker group NoName057(16), which had been waging DDoS attacks on critical infrastructure and government sites across EC countries, particularly those supporting Ukraine.
- The employment policy pursued in the operation resulted in the successful disruption of the hacker group's cybercrime activities, with the majority of their central servers and over 100 computer systems worldwide linked to their attacks being taken offline. This Employment policy led to the arrest of two suspects in France and Spain, and the issuance of six arrest warrants by Germany.
- Understanding the importance of technology in modern politics and general-news, the operation against the pro-Russian hacker group NoName057(16) also included combating cyber espionage and crime-and-justice related activities, demonstrating the ongoing commitment of EC countries to protect their digital infrastructure from foreign threats.
