News
From July 14 to 17, law enforcement and judicial authorities from 12 countries carried out simultaneous actions against the cybercriminal group NoName057(16), according to Europol’s website. The joint operation, coordinated by Europol and Eurojust, spanned the Czech Republic, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands, and the United States.
The operation disrupted a global cyberattack infrastructure comprising more than 100 computer systems, taking offline a significant portion of the group's central server network. Germany issued seven arrest warrants against persons involved in the group's criminal activities, including six Russian residents. Within this group, two of the Russian nationals have been identified as “the main instigators responsible for the activities of NoName057(16).”
The operation resulted in two arrests — one in France and one in Spain — along with 24 house searches across various countries and the questioning of 13 individuals. More than a thousand supporters of the network, including 15 administrators, received legal warning notices via messaging platforms. The group’s members are primarily Russian-speaking individuals who use automated tools to carry out DDoS attacks — whether out of conviction or for financial gain.
The NoName057(16) criminal network initially targeted Ukraine but later shifted the focus of its attacks to countries that support Ukraine in its fight against Russian aggression — primarily NATO members. In 2023-2024, the group was involved in attacks against Swedish government agencies and banking websites. Germany also reported 14 waves of attacks targeting more than 250 companies and institutions. Further attacks were carried out in Switzerland and the Netherlands during major international events.
The investigation revealed that NoName057(16) is an ideologically driven criminal network with more than 4,000 supporters and its own botnet consisting of several hundred servers. The group used gamification techniques to motivate participants — such as frequent shoutouts, leaderboards, and digital badges — fostering a sense of status. It also provided financial incentives for long-term criminal activities, paying its members in cryptocurrency.
NoName057(16) is far from the only Russia-linked group attacking Europe online. In late May, the Dutch General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) revealed in a joint statement that hackers from the group Laundry Bear had been targeting government and commercial entities in the Netherlands, as well as in other NATO and EU countries, for about a year.