Content
The pro-Russian hacker group NoName057(16) is making headlines again. Between the end of July and the beginning of August 2025, the public websites of several German cities, including Trier, Mainz, Ludwigshafen, and Koblenz, were the target of coordinated DDoS attacks. These incidents highlight the growing threat posed by politically motivated cyberattacks in the context of hybrid warfare against states and municipalities.
International investigators strike against NoName057(16)
An entire infrastructure can be paralyzed with just one click. Between July 14 and 17, 2025, international investigators took action against the pro-Russian cybercrime network NoName057(16), which specializes in DDoS attacks. Under the code name “Operation Eastwood,” Europol coordinated an international strike involving authorities from over a dozen countries, including Germany, France, the US, and the Netherlands. The operation was also supported by ENISA and private partners.
The goal was to take NoName057(16)’s central server infrastructure offline, warn hundreds of supporters, and hold those behind the attacks accountable internationally. Investigators uncovered a network that is ideologically motivated but technically relatively simple, skillfully using gamification and cryptocurrencies to recruit volunteers. The attacks are specifically targeting countries that support Ukraine in its war against Russia. They show how political conflicts are increasingly shifting to the digital world.
Although “Operation Eastwood” was a severe blow to the hacker group, NoName057(16) reappeared shortly afterwards.
Return of the attacks: Trier and other cities affected
The first new attacks were documented on July 29, 2025, and intensified in the first week of August. The cyberattacks affected several websites of cities and districts in Saxony-Anhalt and Thuringia, including Magdeburg and Erfurt.
At the beginning of August, Mainz, Ludwigshafen, and Koblenz were also hit alongside Trier. According to the LKA, only public websites were affected; the city administration’s telephone and email communications remained fully functional. The financial damage was minor; the primary goal was to temporarily overload and disrupt the servers.
NoName057(16): Digital partisans in hybrid warfare
NoName057(16) is not just a group of hackers but acts as a digital paramilitary organization in hybrid warfare. Their actions illustrate how cyberattacks have become part of geopolitical conflicts – often below the threshold of conventional warfare.
For states, companies, and organizations in NATO countries, this means that the threat of ideologically motivated cyberattacks is real and requires long-term, continuous vigilance, strategic planning, and technical defenses.
The digital echo of war
Just a few days after Russia’s large-scale invasion of Ukraine in March 2022, the pro-Russian hacktivist network NoName057(16) became active. Since then, the politically motivated group has specialized in large-scale DDoS attacks targeting government and public institutions in countries that oppose Russia. According to the Insikt Group, the group recorded over 3,700 individual attack targets between July 2024 and July 2025, with Ukraine being the most affected, followed by France, Italy, and Sweden.
At its core, NoName057(16) operates for ideological reasons rather than financial gain. The network uses its own DDoS tool, “DDoSia,” which enables even technically inexperienced volunteers to carry out attacks. The group recruits helpers via Telegram channels, distributes attack targets, and rewards active participants with cryptocurrencies—a system that combines political loyalty and gamification.
Learn more about a GDPR-compliant, cloudbased and patented DDoS Protection that delivers, what it promises.
Technical structure and modus operandi
The infrastructure of NoName057(16) is remarkably structured. Tier 1 servers, which are only active for a short time, communicate exclusively with secure Tier 2 servers. This keeps control over the attacks stable. An analysis of the activities suggests that the operators work according to the Russian time zone and add new targets in two daily waves. This makes the attacks appear planned and coordinated.
The targets of the attacks are clear: disrupting critical government services, drawing public attention to pro-Russian narratives, and retaliating for political measures against Russia. Examples include attacks on Lithuanian infrastructure following EU sanctions, on Danish financial institutions for supporting Ukraine, and on Italian websites following “Russophobic” statements by the president.
Sisyphean task in the digital space
The fight against politically motivated and pro-Russian hacker groups such as “NoName057(16)” is like a modern-day Sisyphean task: with just one click, an entire infrastructure can be paralyzed, and every blow against the perpetrators is quickly answered with new attacks.
Although “Operation Eastwood” showed that international investigators can work together effectively to paralyze central structures and track down those behind them, the return of NoName057(16) just a few weeks later highlights the ongoing threat.
For states, municipalities, and companies, this means that cyber defense is not a one-time endeavor. Instead, a continuous and strategic approach is needed to remain capable of acting in a digital war.
Share this post
