A coordinated international operation has taken down a pro-Russian cybercrime network linked to cyber attacks on Ukraine and its allies, Europol has announced.
The operation, codenamed Eastwood, targeted the group NoName057(16), which Dutch authorities identified last month as being behind a series of denial-of-service attacks, including a video address by Volodymyr Zelenskyy to the Swiss parliament and the Eurovision Song Contest.
The EU’s police agency said the international operation “led to the disruption of an attack-infrastructure consisting of over one hundred computer systems worldwide, while a major part of the group’s central server infrastructure was taken offline.”
Authorities in Germany issued six arrest warrants for suspects in Russia, two of them accused of being the group’s main leaders, Europol said. One suspect was placed under preliminary arrest in France and another detained in Spain, it added.
Europol said members of the cybercrime group initially targeted Ukrainian institutions, “but have shifted their focus to attacking countries that support Ukraine in the ongoing defence against the Russian war of aggression, many of which are members of NATO.”
Authorities in the countries involved in the operation also contacted hundreds of people believed to support the group to inform them of the crackdown and their alleged liability for its actions.
“Individuals acting for NoName057(16) are mainly Russian-speaking sympathisers who use automated tools to carry out distributed denial-of-service (DDoS) attacks,” Europol said.
“Operating without formal leadership or sophisticated technical skills, they are motivated by ideology and rewards.”
It said people recruited by the group were paid in cryptocurrency and motivated using online-gaming dynamics, such as leaderboards and badges.
“This gamified manipulation, often targeted at younger offenders, was emotionally reinforced by a narrative of defending Russia or avenging political events,” Europol said.