When servers go silent
In July 2025, an international task force of cyber investigators succeeded in identifying three suspected criminals. The case highlights the importance of international police cooperation, particularly in the fight against cybercriminals who are closely networked across national borders.
Targeted, coordinated and carrying a political message – this is how investigators describe the wave of DDoS attacks that hit over 200 Swiss websites in June 2023. DDoS stands for Distributed Denial of Service and refers to a method in which servers are overloaded with huge volumes of requests, causing them to crash. The aim is to block or disrupt digital services. Parliament’s platform was particularly affected in 2023. The pro-Russian hacker group NoName057(16) has claimed responsibility for the attacks, thereby openly acknowledging its intention to destabilise Western democracies.
Even as the attacks were underway, fedpol realised that these were not isolated technical glitches, but rather coordinated cyberattacks on a global scale. Together with the Office of the Attorney General of the Swiss Confederation and the National Cyber Security Centre (NCSC), fedpol launched a comprehensive investigation.
An international response to an international network
fedpol brought the case to the European level as early as 2023, launching Operation EASTWOOD in collaboration with Canada. It grew into an operation involving 19 countries, coordinated by Europol and the Joint Cybercrime Action Taskforce (J-CAT).
From 2023 to 2025, hundreds of DDoS attacks occurred worldwide, claimed by NoName057(16). Thanks to a detailed analysis of the attacks, fedpol succeeded in identifying patterns. Clues about the structure of the criminal group, combined with further investigative findings, led to the identification of those responsible, namely three suspected key members of the hacking group, and to the issuance of warrants for their arrest in spring 2025.
On 15 July 2025, authorities gained access to the botnet – a network that connects hundreds or even thousands of computers via installed files and uses these connected machines to perform specific actions on command from a remote computer. In several countries, law enforcement officers searched homes, seized computers and took servers offline. Over 100 systems were disabled worldwide, including the core infrastructure of the group NoName057(16). Ten arrest warrants were issued, two of which were executed immediately. Over 1,000 individuals who supported the network were informed of their potential criminal liability for installing the network connection on their computers. No searches were required in Switzerland – as far as is known, Swiss computers were not connected to the network.
Hidden online – but not untouchable
The hacker group always deliberately chose the timing of its attacks for their strong symbolic significance, including Ukrainian President Volodymyr Zelenskyy’s speech at the Federal Palace in June 2023, the World Economic Forum in January 2024, and the Eurovision Song Contest in Basel in May 2025. The hacker group aims to provoke, cause a public stir and create uncertainty. Yet Operation EASTWOOD makes it clear that even in the digital realm, perpetrators cannot hide behind the anonymity of the virtual world if law enforcement agencies act decisively and in coordination.
The NoName057(16) case illustrates what is required to successfully combat cybercrime today. This includes cross-border thinking and action, technological expertise and extensive coordination. fedpol assumes this role as a national hub.
“I am proud that fedpol, together with Canada, was able to launch an operation of this scale, involving so many countries. Our success was down to excellent teamwork from our J-CAT delegation at Europol, through IT forensics and operational criminal analysis, right down to the investigators.”
Andreas, Federal Cybercrime Investigator