The pro-Russian hacktivist network known as NoName057(16) has had its main infrastructure dismantled, following a coordinated international operation called Operation Eastwood, led by Europol.
NoName057(16) has been identified as a key player behind Distributed Denial-of-Service (DDoS) attacks targeting Ukraine and its allies in Europe—especially government agencies, banks, and NATO-related institutions. This operation marks an important turning point in tackling ideologically driven cyber threats.
An International Operation to Halt Cyber Threats
From July 14–17, 2025, Europol worked together with agencies from over 15 countries, including the U.S., Germany, Spain, France, Italy, Poland, Sweden, Switzerland, and others, to conduct investigations, seizures, and arrests linked to NoName057(16).
Results of the operation include:
- Shutdown of more than 100 systems worldwide
- Arrests of 2 suspects in France and Spain
- 24 properties searched across several countries
- 6 Russian nationals issued with arrest warrants
- 5 individuals added to the EU’s Most Wanted list
Who is NoName057(16)?
The group emerged in March 2022, shortly after Russia invaded Ukraine. Acting as a pro-Kremlin collective, they recruited sympathizers via Telegram and encouraged them to launch DDoS attacks on websites that showed support for Ukraine.
To facilitate these attacks, they developed and distributed a tool called DDoSia, which allowed participants to target websites automatically. In return, attackers were rewarded with cryptocurrency—a tactic designed to maintain continuous engagement.
The group gamified participation by using features like leaderboards, badges, and public shout-outs in Telegram groups. These incentives drew in over 4,000 participants worldwide, many of them young people sympathetic to Russia.
Europol has since sent legal warnings to more than 1,000 individuals, informing them that participating in such attacks could result in criminal liability.
Members on the Most Wanted List
Five Russian nationals have been added to the EU Most Wanted list:
- Andrey Muravyov (aka DaZBastaDraw)
- Maxim Nikolaevich Lupin (aka s3rmax)
- Olga Evstratova (aka olechochek, olenka)
- Mihail Evgeyevich Burlakov (aka Ddosator3000, darkklogo)
- Andrej Stanislavovich Avrosimow (aka ponyaska)
One of the main suspects, Burlakov (a.k.a. “darkklogo”), played a key role in technical decision-making, software development, and financial operations for the group.
A Growing Cybersecurity Concern
Europol warns that pro-Russian cyber threats are evolving—from simple DDoS attacks and website defacement to more serious attacks on critical infrastructure, including energy, finance, and public administration.
Cybersecurity company Cyble also reports that groups such as Z-Pentest, Dark Engine, and Sector 16 have been operating with synchronized timing, targets, and messaging—suggesting coordinated collaboration to support Russia’s cyber strategies.
Why It Matters
The takedown of NoName057(16) stands as a strong example of how international cooperation can disrupt sophisticated cybercrime networks driven by ideology.
At the same time, this case reveals a concerning trend: these hacker groups are no longer merely disruptive—they’re rapidly becoming a threat to national security that demands serious and proactive response.
_____________________________________________________________________________________________________________________________________________________________________
Source: The Hacker News