Julia Dickson and Emily Harding
In a dramatic success and a global pushback against Russia’s hybrid warfare operations, a mid-July joint international operation disrupted a massive Russian cybercrime network known as NoName057(16). Since 2022, this ideologically motivated hacktivist network has claimed responsibility for more than 1,500 distributed denial-of-service attacks (DDoS) against countries aligned with NATO. The group’s activity is a prime example of a broader and concerning trend: Moscow using hybrid warfare in an attempt to undermine support for Ukraine and destabilize the United States and its allies. This success is likely to be temporary—one round in an ongoing match that can only be definitively won by intensive cooperation among allie.
NoName057(16) has been active since 2022, around the start of the full-scale invasion of Ukraine. With an estimated 4,000 volunteers, this cyber army initially focused on Ukraine, then expanded its targets to include countries that support Ukraine, including the United States and NATO allies like Czechia, Poland, and Spain. Its operations have included DDoS attacks against Swedish authorities and banking websites, more than 250 German companies and institutions, and organizations linked to the June 2025 NATO summit. NoName057(16) also participated in DDoS attacks against Japanese logistics and shipbuilding companies in 2024.
In response to the growing threat, Europol facilitated Operation Eastwood. The operation involved 19 countries, the European Union Agency for Cybersecurity (ENISA), and the Joint Cybercrime Action Taskforce (J-CAT), part of Europol’s European Cybercrime Centre (EC3). Operation Eastwood ultimately proved highly disruptive to the group’s operations, at least temporarily. It disrupted more than 100 of the group’s servers worldwide and took a significant part of the group’s central server infrastructure offline. Authorities also made two arrests (in France and Spain) and issued seven arrest warrants (six by Germany and one by Spain).
Groups like this tend to be fluid, however, and its remnants are likely to reconstitute and reengage in the near future. As such, international cooperation is critical. EC3 and J-CAT provide a promising model for collaborative, regional cyber threat intelligence sharing centers that could be expanded or replicated in other regions as Russian cyberactivity grows more aggressive.NoName057(16)’s operations are only part of Russia’s escalating cyber campaign. Moscow has long been a dominant player in the cyber domain but has become more active since 2021, in the lead-up to the full-scale invasion of Ukraine.
No comments:
Post a Comment