The U.S. was part of an international law enforcement operation aimed at dismantling a pro-Russian computer crime network targeting Ukraine and its supporters, according to a statement from Europol, the European Union’s law enforcement agency.
More than a dozen countries participated in Operation Eastwood, which took place from July 14 to 17. They took simultaneous action against offenders and infrastructure affiliated with NoName057(16), a Russian cybercrime group.
“The actions led to the disruption of an attack infrastructure consisting of over 100 computer systems worldwide, while a major part of the group’s central server infrastructure was taken offline,” Europol officials said Friday.
The network primarily targeted Ukraine but has shifted its focus to attacking countries that support Kyiv in its ongoing war against Russian invaders, many of which are members of NATO. In 2023 and 2024, it attacked Swedish government and bank websites, while Germany saw 14 separate waves of attacks targeting more than 250 companies and institutions.
Multiple cyberattacks linked to NoName057(16) were carried out in June 2023 during a Ukrainian video message addressed to Switzerland’s parliament and in July 2024 during the Peace Summit for Ukraine at Burgenstock, Switzerland.
“Most recently, the Dutch authorities confirmed that an attack linked to this network had been carried out during the latest NATO summit in the Netherlands,” Europol officials said. “These attacks have all been mitigated without any substantial interruptions.”
Europol officials said two arrests have been made, while seven arrest warrants have been issued. Dozens of homes were searched in Europe as part of the ongoing investigation. Police have also reached out to several hundred people believed to be supporters of the cybercrime network, informing them that they could face legal liability for their actions.
“Individuals acting for NoName057(16) are mainly Russian-speaking sympathizers who use automated tools to carry out distributed denial-of-service attacks,” Europol said. “Operating without formal leadership of sophisticated technical skills, they are motivated by ideology and rewards.”
On Friday, NATO released a statement condemning the cyberattacks and calling for Russia to abide by the United Nations’ framework for “responsible state behavior in cyberspace.
“Russia’s actions will not deter Allies’ support to Ukraine, including cyber assistance through the Tallinn Mechanism and IT Capability Coalition. We continue to use the lessons learned from the war against Ukraine in countering Russian malicious cyber activity,” NATO said. “We are determined to employ the full range of capabilities in order to deter, defend against, and counter the full spectrum of cyber threats.”
According to a 2024 statement from the U.S. State Department, the Tallinn Mechanism consists of Canada, Denmark, Estonia, France, Italy, Germany, Netherlands, Poland, Sweden, Ukraine, the United Kingdom and the United States “using world class cyber and digital expertise, from both the private and public sector, to protect critical national infrastructure and vital services through bolstered cyber defense capabilities to Ukraine, enabling them to detect and disable the malware targeted at them.”
“The European Union and NATO support the mechanism and have been observers since its creation.”
