Article Details

Operation Eastwood shutters 100+ servers used to DDoS websites supporting Ukraine. Two Russian suspects in cuffs, seven warrants out. International cops shut down more than 100 servers belonging to the pro-Russian NoName057(16) network this week as part of the Europol-led Operation Eastwood. The joint law enforcement effort involved 19 countries across Europe and North America, and resulted in two arrests of Russian nationals, one in France and one in Spain. NoName057(16) is one of several hacktivist operations made up of Russian-speaking sympathizers that sprang up shortly after the invasion of Ukraine. While their network-traffic tsunamis originally targeted the invaded country's government and critical infrastructure websites, the crews have since shifted to attacking countries that provide support for Ukraine. Europol estimates the group has more than 4,000 supporters, who have built their own botnet made up of several hundred servers to increase the distributed denial of service (DDoS) attack load. Luckily, their junk-traffic floods don't do much more than knock websites offline, briefly. NoName057(16) members aren't the most technologically savvy bunch, and their attacks typically don't rise above nuisance level.  As Europol noted, "These attacks have all been mitigated without any substantial interruptions." But it is still super annoying when the public can't access a government or banking website. In 2023 and 2024, these attacks included DDoSing Swedish authorities and bank websites, and German officials documented 14 separate waves of attacks targeting more than 250 companies and institutions. In Switzerland, several government websites were hit during a June 2023 video address from Ukrainian President Volodymyr Zelenskyy to the joint parliament, and a year later, the crew DDoSed the Peace Summit for Ukraine at Bürgenstock.  Last fall, multiple UK councils had their websites knocked offline by the pro-Russia cyber nuisances, and just last month, Dutch authorities confirmed that an attack linked to this network had been carried out during the latest NATO summit held there.  As part of the joint international operation, national authorities issued seven arrest warrants and questioned 13 individuals across Europe about their involvement in the NoName057(16) gang, known for firing off DDoS attacks against government and commercial websites. While Europol didn't name the people taken into custody or those listed in the arrest warrants, the cops noted that two are accused of "being the main instigators" and noted that the suspects are listed as internationally wanted. Five profiles are also published on the EU Most Wanted website. Law enforcement and judicial authorities from the Czech Republic, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands, and the US participated in Operation Eastwood to disrupt the criminal organization's network infrastructure. Forces from the cybersecurity agency ENISA, including those from Belgium, Canada, Estonia, Denmark, Latvia, Romania, and Ukraine, also supported the criminal investigations, while the non-profits ShadowServer and abuse.ch assisted in the technical part of the operation.