A significant blow was dealt to the notorious Russian hacking group NoName057(16) in a collaborative effort between Europol and Eurojust. Dubbed “Operation Eastwood”, this operation, conducted from July 14th to 17th, 2025, aimed to dismantle the group’s IT infrastructure. The result was the seizure of over 100 servers, both physical and virtual, and the arrest of several individuals, primarily Russian nationals, across France and Spain.
The international effort involved law enforcement agencies from a wide range of countries, including Sweden, Lithuania, the Netherlands, Switzerland, Finland, Canada, Belgium, Denmark, Estonia, Latvia, Romania, and the European Union Agency for Cybersecurity (ENISA). These agencies worked together to cripple the group’s online operations.
The technical aspects of the operation were expertly managed by ShadowServer and abuse.ch, two well-respected cybersecurity organizations that specialize in tracking and mitigating cybercriminal activities. Germany played a critical role, issuing warrants for seven individuals linked to the group, including the capture of six Russian nationals. This marked a significant setback for NoName057(16), a group that has long been known for its cyber attacks, particularly its campaigns targeting Ukraine due to its pro-Russian stance.
The Rise and Fall of NoName057(16)
NoName057(16) is a cybercriminal organization infamous for operating a vast network of botnets used to launch massive cyberattacks. The group’s primary target in recent years was Ukraine, as it aligned itself with pro-Russian political interests, continuously carrying out disruptive and malicious campaigns. However, the takedown of the group’s infrastructure in Operation Eastwood has dealt a significant blow to its operations, and many experts are hopeful that this marks the beginning of the end for the cybercrime group.
Despite previous successful operations leading to the arrests and takedowns of other criminal groups—such as the LockBit ransomware network—there’s a bitter truth to acknowledge: these hacking groups often have a remarkable ability to reconstitute themselves. With new tactics, improved sophistication, and a sharpened focus, these organizations are notorious for bouncing back, often more elusive and effective than before.
Ukrainian Cyber Offensive: A Blow to Gazprom
In a related development, Ukrainian Military Intelligence (HUR) has reported a successful cyberattack on Gazprom, one of Russia’s most powerful energy corporations. The attack reportedly led to the disruption and deletion of crucial backup copies and BIOS software, rendering Gazprom’s systems more vulnerable and significantly complicating recovery efforts.
Kyiv’s statement, released in the aftermath of the attack, cheekily congratulated Russian cyber professionals for their apparent reliance on “hammers and pincers” to try to fix the damage caused—suggesting that the attack had rendered their traditional technological tools useless. This pointed remark highlights the ongoing cyber warfare between Russia and Ukraine, with both sides increasingly relying on technology as a critical tool in their geopolitical struggle.
In response, Gazprom acknowledged the cyberattack but expressed confidence in its ability to recover. The company stated that its systems were indeed under siege, but reassured stakeholders that recovery efforts were already underway, with full system restoration expected within two weeks.
The Bigger Picture
Both these events underscore the growing role of cyber warfare in modern geopolitical conflicts. The destruction of NoName057(16)’s infrastructure signals a promising development in the fight against cybercrime, yet the persistent threat posed by such groups suggests that this victory may be short-lived. At the same time, Ukraine’s ability to disrupt Russian power infrastructure via cyberattacks on entities like Gazprom indicates a new phase in the ongoing digital war between the two nations.
As authorities and intelligence agencies continue to adapt to the evolving landscape of cyber threats, it remains to be seen how long-lasting these victories will be. Will NoName057(16) stay down, or will it rise from the ashes with even greater capabilities? And how will the cyberattacks on Russia’s most critical infrastructure shape future military strategies?
The digital battlefield is evolving rapidly, and both state and non-state actors are sharpening their cyber weapons, leading us into a new era of hybrid warfare that is just as impactful, if not more so, than traditional military tactics.
Join our LinkedIn group Information Security Community!
