NoName057(16)

Eurojust and Europol announced the results of Operation Eastwood, a coordinated international action against NoName057(16) carried out between 14 and 17 July 2025. Authorities disrupted more than 100 servers worldwide, executed house searches in Germany, Latvia, Spain, Italy, Czechia, Poland and France, and issued seven international arrest warrants (six from Germany) including for two alleged main instigators based in the Russian Federation. Investigators also notified about 1,100 supporters and 17 administrators of their potential criminal liability. The group recruited roughly 4,000 supporters running DDoSia and had attacked critical infrastructure across the EU.

Spain's Civil Guard arrested three individuals in Manacor, Huelva and Seville on suspicion of participating in DDoS attacks targeting public institutions and strategic sectors in Spain and other NATO countries supporting Ukraine. According to Spain's Ministry of the Interior the suspects had used DDoSia, the custom DDoS platform developed and operated by NoName057(16). Computer equipment and documents were seized; the group responded on Telegram by declaring a 'vendetta' against the Spanish authorities and launching follow-on DDoS waves against Spanish targets.

Sekoia.io published a detailed analysis of NoName057(16)'s DDoSia project covering May and June 2023, identifying 486 distinct victim websites concentrated in Ukraine and NATO Eastern Flank countries (Lithuania, Poland, Czech Republic, Latvia) with secondary targeting of France, the UK, Italy and Canada. The report documents the project's Telegram-based recruitment (45,000+ subscribers on the main channel by June 2023), cryptocurrency rewards via TON, and rapid retargeting in response to political events such as French air-defence support to Kyiv.

SentinelLabs published a profile of NoName057(16), characterising it as a pro-Russian hacktivist collective conducting DDoS campaigns against Ukraine and NATO-aligned entities since March 2022. The analysis dissected two implementations of the group's DDoSia toolkit — an initial Python build and a newer Golang variant internally named 'Go Stresser' — and documented recent targeting of Polish government, Danish financial sector and Czech presidential-candidate websites in December 2022 and January 2023.