A coordinated international operation has hit the infrastructure of a pro-Russian cybercrime network linked to a string of denial of service attacks targeting Ukraine and its allies, the European Union’s police agency Europol announced Wednesday.
Codenamed Eastwood, the operation targeted the so-called NoName057(16) group, which was identified last month by Dutch authorities as being behind a series of denial-of-service attacks on several municipalities and organizations linked to a NATO summit in the Netherlands.
Europol said that the cybercrime network also was involved in attacks in Sweden, Germany and Switzerland.
The police agency said the international operation “led to the disruption of an attack-infrastructure consisting of over one hundred computer systems worldwide, while a major part of the group’s central server infrastructure was taken offline.”
Law enforcement and judicial authorities from France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Czech Republic, the Netherlands and the United States took simultaneous actions against offenders and infrastructure belonging to the pro-Russian cybercrime network, it said.
Judicial authorities in Germany issued six arrest warrants for suspects in Russia, two of them accused of being the main leaders of the group, Europol said. Five of them were identified on Europol’s Europe’s Most Wanted website.
One suspect was placed under preliminary arrest in France and another detained in Spain, Europol said. In the United States, the Federal Bureau of Investigation was involved in the operation.
The Paris prosecutor’s office said one person is in custody in France and communications equipment has been seized. No charges have yet been filed.
The attorney general’s office in Switzerland, which is not an EU member country, said in a statement Wednesday that joint investigations between Europol and Swiss federal police helped identify three leading members of the group, which is alleged to have targeted more than 200 Swiss websites.
Swiss prosecutors opened a criminal case over the incidents in June 2023, and since then identified several other denial-of-service attacks attributed to the activist group. The attacks included a video address by Ukrainian President Volodymyr Zelenskyy to the Swiss parliament and the popular Eurovision Song Contest, held in in Basel earlier this year.
Europol said members of the cybercrime group initially targeted Ukrainian institution, “but have shifted their focus to attacking countries that support Ukraine in the ongoing defence against the Russian war of aggression, many of which are members of NATO.”
Law enforcement authorities in countries involved in the operation contacted hundreds of people believed to support the group to inform them of the crackdown and their alleged liability for its actions.
“Individuals acting for NoName057(16) are mainly Russian-speaking sympathizers who use automated tools to carry out distributed denial-of-service (DDoS) attacks. Operating without formal leadership or sophisticated technical skills, they are motivated by ideology and rewards,” Europol said.
It added that people recruited by the group were paid in cryptocurrency and motivated using online-gaming dynamics like leader boards and badges.
“This gamified manipulation, often targeted at younger offenders, was emotionally reinforced by a narrative of defending Russia or avenging political events,” Europol said.
Related: From 60 to 4,000: NATO’s Locked Shields Reflects Cyber Defense Growth
Related: NATO to Establish New Cyber Center in Belgium
Related: Hacker Who Targeted NATO, US Army Arrested in Spain
Related: NATO Draws a Cyber Red Line in Tensions With Russia
