A global regulation enforcement operation dubbed “Operation Eastwood” has focused the infrastructure and members of the pro-Russian hacktivist group NoName057(16), accountable for distributed denial-of-service (DDoS) assaults throughout Europe, Israel, and Ukraine.
Operation Eastwood was led by Europol and Eurojust with assist from 12 nations. It passed off on July 15, 2025, and focused the techniques and people behind the group’s actions.
NoName057(16) is a pro-Russian hacking group that launched in March 2022 after the battle in Ukraine started. To conduct assaults, the group makes use of Telegram channels and the “DDoSia” undertaking, software program that runs on volunteers’ computer systems to crowdsource DDoS assaults on targets chosen by the risk actors.
Since then, NoName057(16) and its supporters have carried out DDoS assaults in opposition to corporations and important infrastructure in European nations that assist Ukraine. These targets embrace NATO websites, authorities businesses, transportation providers, banks, protection companies, media retailers, and vitality suppliers.
In accordance with Europol, the assaults disrupted vital providers in Germany, Poland, Lithuania, Latvia, Estonia, Sweden, the Netherlands, and different nations.
Supply: BleepingComputer
“The hacktivist group has executed 14 assaults in Germany, a few of them lasting a number of days and affecting round 230 organisations together with arms factories, energy suppliers and authorities organisations,” reads a assertion from Eurojust.
“Assaults have been additionally executed throughout Europe throughout the European elections. In Sweden, authorities and financial institution web sites have been focused, whereas in Switzerland a number of assaults have been carried out throughout a video message given by the Ukrainian President to the Joint Parliament in June 2023, and throughout the Peace Summit for Ukraine in June 2024.”
“Most lately, the Netherlands was focused throughout the NATO Summit on the finish of June.”
On July 15, regulation enforcement businesses carried out searches in Germany, Latvia, Spain, Italy, Czechia, Poland, and France, with greater than 100 servers internet hosting the group’s infrastructure disrupted or taken offline.
Two arrests have been made as a part of this operation (1 preliminary arrest in France and 1 in Spain), and 7 European arrest warrants have been issued, together with six by Germany and one by Spain. The authorities additionally despatched Telegram messages to 1,100 members and 17 directors, warning them that they have been going through legal legal responsibility for his or her actions.
Six of the warrants issued by Germany are for people believed to be residing in Russia, with two of them suspected of being the first operators of the group.
Supply: Europol
The operation concerned regulation enforcement from Czechia, Estonia, Finland, France, Germany, Latvia, Lithuania, the Netherlands, Poland, Spain, Sweden, Switzerland, and america.
Authorities declare that Operation Eastwood is a major blow to NoName057(16). Nevertheless, with the core members positioned in Russia, this motion is more likely to have solely a short-lived impact, because the risk actors will seemingly rebuild their infrastructure.
As of as we speak, the risk actors proceed to announce new assaults and breaches of German corporations.
Whereas cloud assaults could also be rising extra subtle, attackers nonetheless succeed with surprisingly easy strategies.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key strategies utilized by cloud-fluent risk actors.
