Europol targets Kremlin-backed cybercrime gang NoName057(16)

A pro-Kremlin cybercrime network has been taken offline after an international law enforcement operation disrupted over 100 of its servers, detained two gang members, and issued arrest warrants for seven more.

The hacking group NoName057(16) has been operating since 2022, launching cyber attacks on government organisations, media bodies, critical infrastructure, and private companies in Ukraine, America, Canada, and across Europe in a seeming attempt to silence voices that the group considers anti-Russian.

Operating largely through Telegram channels, NoName057(16) has gained a reputation for itself by launching distributed denial-of-service (DDoS) attacks

For instance, earlier this year, the National Cyber Security Center (NCSC) in the Netherlands described how several Dutch organisations had been targeted by large-scale DDoS attacks, apparently in retaliation for the country providing six billion Euros of military aid to help Ukraine defend itself from Russian aggression.

In that, and other attacks, NoName057(16) made use of DDoSia - a tool designed to co-ordinate DDoS attacks with thousands of the group's supporters.

As Bleeping Computer describes, NoName057(16)'s supporters receive cryptocurrency for their participation in denial-of-service attacks using DDoSia.

The impact of the DDoS attacks has sometimes been considerable, with Eurojust saying that the group has "executed 14 attacks in Germany, some of them lasting multiple days and affecting around 230 organisations including arms factories, power suppliers and government organisations".

European elections have also been a target for NoName057(16), as well as when Ukrainian President Volodymyr Zelenskyy addressed the joint parliament of Switzerland in June 2023, and during the Peace Summit for Ukraine in 2024.

Eurojust says that "most recently, the Netherlands was targeted during the NATO Summit at the end of June."

However, now law enforcement has struck a blow against NoName057(16). A multinational operation called "Operation Eastwood" has not only conducted 24 house searches, made arrests, and seized servers. It has also seen
messages sent via Telegram to 1,100 people participating in the DDoS attacks and 17 administrators, warning them of possible legal repercussions.

However, we would be naive in the extreme to imagine that this is the last the world will see of NoName057(16). With key members of the group safely ensconced in Russia, beyond the reach of Western law enforcement agencies, it is unlikely that they will be brought to justice any time soon.

This has been a setback for the hacking group, but as long as there is political will in Moscow to support the gang's attacks on Western organisations it is likely that it will rebuild its infrastrutucture, and continue to recruit members who will have no qualms about launching attacks on websites thousands of miles away.