Full Report
An international law enforcement operation dubbed "Operation Eastwood" has targeted the infrastructure of the pro-Russian hacktivist group NoName057(16), responsible for distributed denial-of-service (DDoS) attacks across Europe and the US. [...]
Analysis Summary
# Threat Actor: NoName057(16)
## Attribution & Identity
Pro-Russian hacktivist group. Law enforcement action suggests core members may reside in Russia, with arrests and warrants issued across several European countries.
## Activity Summary
The group is known for executing Distributed Denial of Service (DDoS) attacks. Europol executed "Operation Eastwood" against the group, disrupting over 100 servers hosting their infrastructure. The operation concluded with two preliminary arrests (France and Spain) and seven European arrest warrants issued, including six by Germany targeting individuals suspected of being primary operators, some residing in Russia. Despite the disruption, the actors continued to announce new attacks against German companies afterward, indicating potential resilience or rapid infrastructure rebuilding.
## Tactics, Techniques & Procedures
- Distributed Denial of Service (DDoS) attacks.
- **Note:** Specific MITRE ATT&CK IDs are not provided in the summary text.
## Targeting
- Sectors: Broad targeting, as suggested by the nature of DDoS campaigns; the report specifically notes continuing attacks against **German companies** post-disruption.
- Geography: Attacks seem internationally focused, with law enforcement actions spanning Germany, Latvia, Spain, Italy, Czechia, Poland, and France. Several warrants targeted individuals in **Russia**.
- Victims: Specific victim organizations are not detailed, only the general target sector (German companies).
## Tools & Infrastructure
- Infrastructure disruption involved taking offline **over 100 servers** hosting the group's operations/C2.
- **Note:** Specific malware families or C2 communication details are not provided.
## Implications
The successful disruption by international law enforcement (Operation Eastwood) represents a significant blow to the group's operational capabilities. However, the immediate resumption of activity suggests that key leadership remains unapprehended (likely in Russia), which would allow infrastructure to be rebuilt. This indicates the group has high operational resilience despite coordinated international takedown efforts.
## Mitigations
- Increase monitoring for and resilience against **DDoS attacks**, particularly at German organizations, given the continuing threat post-operation.
- Organizations should enhance network infrastructure security to withstand high-volume denial of service attacks.