Redazione RHC : 17 July 2025 10:48
The international “Eastwood” operation represents a watershed moment in the fight against cyberterrorism. For the first time, a coordinated global operation has dealt a severe blow to one of the most active cells of pro-Russian hacktivists: the “NoName057(16)” collective.
An operation that not only identified those responsible, but also decapitated the criminal infrastructure behind thousands of attacks against European democracies.
Conducted by the Rome prosecutor’s office with the coordination of the National Anti-Mafia and Counterterrorism Directorate, “Eastwood” saw the simultaneous involvement of authorities from Germany, the United States, the Netherlands, Switzerland, Sweden, France, and Spain, in addition to the crucial contribution of Eurojust and Europol. At the center of the investigation are five individuals believed to be active members of the “NoName057” group, identified thanks to the collaborative efforts of CNAIPIC (National Anti-Cybercrime Center for the Protection of Critical Infrastructure) and Postal Police departments from six Italian regions.
NoName057 is not just a cybercriminal group: it is a digital war machine serving pro-Russian propaganda, born in March 2022 in the aftermath of the invasion of Ukraine. Their goal is to sabotage the IT infrastructure of European nations considered hostile to Russia, attack transportation, healthcare, telecommunications, and financial services, and paralyze governments and institutions.
Through encrypted Telegram channels, particularly the infamous “DDosia Project,” the group recruited sympathizers and coordinated attacks. Members joined by downloading dedicated software, using their computing power to overload the servers of public and private entities through Distributed Denial of Service (DDoS) attacks.
The investigations dismantled the complex technological network that connected servers located primarily in Russia, with hundreds of intermediate nodes used to obfuscate the origin of the signals. More than 600 servers were seized or deactivated. Not only were five international arrest warrants issued against Russian citizens, but two of them are considered the operational leaders of the collective.
The charge is extremely serious: association with the purpose of international terrorism and subversion of the democratic order, pursuant to art. 270-bis of the Italian Criminal Code.
The NoName057 case highlights how the line between cybercrime and cyberterrorism is progressively blurring.
In theory, the distinction exists. Cybercriminals are driven by profit: data theft, online scams, ransomware extortion. Cyberterrorists act for ideological or political reasons: they want to terrorize, destabilize, and create chaos for geopolitical or ideological purposes.
In operational reality, however, the boundaries are blurred. Groups born for economic purposes can become politicized, exploiting international tensions, just as terrorist organizations can resort to typical cybercriminal techniques—such as ransomware—to self-finance.
The emergence of cyberwarfare, hybrid warfare, and state-fueled digital propaganda makes the picture even more opaque. Watertight compartments no longer exist. The activist hacker, the digital criminal, and the online terrorist often confuse each other, overlap, and exchange tools and know-how.
Another critical aspect is that it is often extremely complex to determine whether another state is behind an attack. In these cases, we enter the realm of cyberwarfare, not traditional terrorism, and attribution becomes a very difficult operation. In addition to digital forensics, sophisticated intelligence activities are required, consisting of cross-analysis, source collection, and strategic monitoring, without which it is impossible to distinguish between the actions of a terrorist group and those of state or state-sponsored actors.
Another operational criticality further complicates the picture. Even when the perpetrators of the attacks are identified, international investigations face the difficulty of extraditing them and holding them in person for trial. Cyberterrorists often find themselves or take refuge in countries that refuse judicial cooperation or even protect them for geopolitical reasons, rendering judicial orders issued at European or international level ineffective.
Cyberterrorism is merely the latest evolution of the traditional terrorist threat. The distinguishing feature from simple cybercrime is not the tool used, but the goal pursued: panic, political destabilization, subversion of the democratic order.
The cyber revolution has offered terrorist groups enormous advantages: the ability to operate remotely, maintain anonymity, cover their tracks, and coordinate on a global scale with minimal cost.
In the hacker ecosystem, there are very distinct categories:
There is no shortage of examples of online propaganda, encrypted channels, extremist newsgroups, and actual digital platforms dedicated to recruitment and covert financing. The Internet allows terrorist groups to propagate their ideas at negligible cost, reaching global audiences, and bypass traditional investigative control systems.
The war on cyberterrorism is fought not only on servers, but also in the courts. In Italy, legislation has evolved to address the new scenario.
Law No. 547 of 1993 introduced cybercrime for the first time.
Law No. 48 of 2008, which ratified the Budapest Convention on Cybercrime, harmonized the regulatory framework with European directives.
In particular, Article 270-quinquies punishes those who disseminate terrorist training techniques online, while Article Article 414 provides for harsher penalties for advocacy and incitement if disseminated online.
Operation “Eastwood” confirms that cyberterrorism is not a marginal phenomenon, but a concrete and expanding threat. Firewalls and antivirus programs are no longer enough. A systemic response is needed, integrating technology, intelligence, international cooperation, and a robust legal framework.
Cyber warfare is fought silently, between lines of code and anonymous servers, but it has devastating effects on the real world. And when the attackers aren’t just criminals, but organizations motivated by political and geopolitical objectives, the risk becomes systemic.
In cyberspace, terrorism has found a new battlefield. And the first step in countering it is to recognize its forms, understand its logic, and strengthen legal and investigative tools.
Redazione