Pro-Russian Cyberattacks Target Europe and Ukraine Amid War Crime Investigations

Severity: High (Score: 71.0)

Sources: Themoscowtimes, Unn.Ua

Summary

A pro-Russian hacker group, NoName057(16), has gamified cyberattacks on European nations, recruiting participants via Telegram and rewarding them with cryptocurrency. The group has conducted DDoS attacks against various public institutions and private companies since Russia's invasion of Ukraine in 2022. Despite a crackdown by Europol in July 2025, the group's activities have intensified, particularly targeting Denmark during its municipal elections in November 2025. Concurrently, the International Criminal Court is investigating Russian cyberattacks on Ukraine's civilian infrastructure, which may be classified as war crimes. These cyber operations have increasingly targeted energy systems and communication facilities, with significant implications for international law and accountability. The ongoing cyber warfare reflects the broader hybrid conflict between Russia and NATO countries, with Ukraine being a primary victim since 2014. Key Points: • NoName057(16) recruits volunteers for cyberattacks, rewarding them with cryptocurrency. • DDoS attacks have targeted European public institutions, notably during Denmark's elections. • International investigations may classify Russian cyberattacks on Ukraine as war crimes.

Key Entities

• Sandworm (apt_group)
• DDoS (attack_type)
• Malware (attack_type)
• Operation Eastwood (campaign)
• Central Election Commission (company)
• Canada (country)
• Denmark (country)
• France (country)
• Germany (country)
• Iran (country)
• Energy (industry)
• Financial (industry)
• Government (industry)
• DDoSia (tool)
• T1071 - Application Layer Protocol (mitre_attack)
• Android (platform)
• Linux (platform)
• MacOS (platform)
• Telegram (platform)
• Windows (platform)
• NotPetya (malware)