Between 14 and 17 July 2025, a major international cyber operation targeting the pro-Russian hacker network NoName057(16) was successfully conducted under the coordination of Europol and Eurojust. The operation, codenamed “Operation Eastwood”, involved coordinated actions by law enforcement and judicial authorities from 13 countries, including Germany, France, the United States, and Sweden, as well as technical support from private cybersecurity companies.
The group, which originally focused its attacks on Ukraine, had since expanded its operations to Western allies supporting Kyiv. Europol estimates that more than 4,000 members of the network used over a hundred computer systems across the globe. While only two arrests have been made so far, most of the group’s infrastructure has been taken offline, disrupting its ability to conduct further attacks.
A persistent threat to Western digital infrastructure
Authorities from Czechia, France, Finland, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands, and the United States conducted simultaneous actions against the group’s cyber assets. Agencies from Belgium, Estonia, Denmark, Romania, Latvia, Ukraine and Canada supported the operation during the pre-investigative phase. The operation also received support from the Joint Cybercrime Action Taskforce (J-CAT) at Europol.
NoName057(16) is known for a series of disruptive cyberattacks, including DDoS campaigns against government servers and banking systems in Sweden and Finland during 2023–2024. In Germany alone, 14 waves of attacks targeted more than 250 organisations. In Switzerland, the group launched attacks during a video link between the Ukrainian and Swiss parliaments in 2023, and again during the Ukraine Peace Summit in Bürgenstock in June 2024. A separate attack was also registered during the latest NATO summit hosted by the Netherlands in 2025.
The group built its own botnet infrastructure made up of several hundred servers to enhance the effectiveness of its denial-of-service operations. Most of these servers have now been neutralised.
Strategic use of cyberattacks as geopolitical tools
The cyber network NoName057(16) is part of a wider pattern of Russia-linked digital aggression. Since the 1990s, Western experts have warned that Russia and China were systematically building offensive cyber capabilities. One of the earliest and most notable cases was the 2007 cyberattack on Estonia, triggered by a local decision to relocate a Soviet-era monument. The attack, later attributed to Russian coordination, remains one of the largest and most effective cyber-assaults in internet history.
Following this, NATO established its Cooperative Cyber Defence Centre of Excellence in Tallinn in 2008. More recently, the United States launched the “Cyber Flag 21-1” initiative in 2021 — informally known as “Cyber NATO” — to enhance collective cyber defence across allied nations.
Growing risk to democratic systems
Russian-affiliated hacker groups act as state-sponsored actors, conducting sophisticated attacks on critical infrastructure, public institutions, and private companies across the West. These attacks are often timed with key geopolitical events — including elections, conflicts, or diplomatic escalations — in an effort to sway public opinion, erode trust, and destabilise democratic governance.
Strategic targets have included media outlets, energy grids, telecom systems, defence ministries, and electoral infrastructure, underscoring the scale and ambition of Russian cyber operations. As digital threats become more central to modern conflict, the disruption of networks like NoName057(16) signals the urgent need for coordinated international cyber defence.
