Decoding the news. The investigation was conducted simultaneously in Italy, Germany, the United States, the Netherlands, Switzerland, Sweden, France, and Spain.
- It targeted NoName057, one of the most active groups behind Distributed Denial of Service (DDoS) attacks on public infrastructure and government websites across Europe.
- The operation marks a significant step forward in Europe’s response to cyber threats with geopolitical motivations.
Who is NoName057? Active since March 2022, NoName057 has conducted thousands of cyberattacks targeting transportation systems, banks, healthcare providers, and telecommunications networks.
- The group operates through a layered infrastructure: a command-and-control hub based in Russia, intermediary servers used to mask traffic, and thousands of volunteer-operated devices.
- Recruitment took place on Telegram, particularly through the DDosia Project channel, which provided software tools for joining and participating in the attacks.
International coordination. Eurojust and Europol supported the operation.
- Italy’s National Centre for Cybercrime Protection of Critical Infrastructure (CNAIPIC) and the Polizia Postale, which oversees cybercrime enforcement, led the investigative activities. Six Italian regions were involved in the effort.
- Over 600 servers used to conduct the attacks were shut down or seized in several countries.
- Authorities continue tracing other members identified through Telegram accounts and cryptocurrency transactions.
- Five international arrest warrants have been issued against Russian nationals, two of whom are believed to be leading the organisation.
The latest against Italy. On July 15, pro-Russian group NoName057(16) launched a new wave of DDoS attacks against Italian institutions and several companies. The operation was claimed as retaliation for the Ukraine Recovery Conference (URC2025), held this year in Rome.
- Italy’s National Cybersecurity Agency (ACN), which anticipated the threat, issued early warnings that, thanks to strengthened cyber alert protocols, helped prevent major service disruptions.
The expert’s take. According to Beniamino Irdi, CEO of Highground and nonresident fellow at the Atlantic Council, the investigation highlights two defining traits of hybrid threats: dispersion and gradualism.
- Dispersion: Targets span vastly different domains — from infrastructure to media — often with poor inter-sector communication. This makes it “harder for authorities to build a comprehensive threat picture,” Irdi says, and calls for “a rethinking of the very concept of national security.”
- Gradualism: Pro-Russian hacker groups don’t seek shock-and-awe. Instead, their strategy is “thousands of small-scale attacks designed to erode the normal functioning of society gradually,” Irdi explains.
What we’re watching. The operation highlights the increasingly tight nexus between cyber threats and geopolitical conflict. The ability of pro-Russian hacker groups to disrupt civilian targets in Europe poses a growing challenge to the continent’s digital and physical (IoT) security.
- Coordination among European countries and national and international law enforcement authorities is “an encouraging sign,” Irdi adds, and is essential to effectively countering hybrid threats.
