2026-02-10 18:49
publication
2026-02-10 18:49
Three new charges – disrupting and preventing automatic processing of IT data of the Ministry of Finance, GDDKiA and the Warsaw Metro – were brought against an 18-year-old suspected of activities coordinated with the pro-Russian cybercrime group NoName057(16), the prosecutor's office told PAP.
In mid-July 2025, as part of the investigation of the District Prosecutor's Office in Płock, officers of the Central Bureau for Combating Cybercrime from the management board in Radom detained in the province. an 18-year-old from Lower Silesia, who was subsequently charged with five charges involving activities coordinated with the pro-Russian cybercrime group NoName057(16).
These charges concerned attempting to and interfering with the automatic processing and collection of IT data and obtaining software used to commit these crimes. This type of activity, as established at the then stage of the proceedings, was undertaken by the 18-year-old from January to May 2024, and it concerned various entities.
The investigation covers a total of eight charges
Marcin Bagiński, deputy district prosecutor in Płock, when asked about the current course of the investigation in this case, informed PAP on Tuesday that the decision to bring charges against the 18-year-old was recently supplemented with three additional acts to the detriment of further victims.
– The charges have been announced. The suspect's defense line presented during the interrogation is currently being checked, prosecutor Bagiński told PAP. As he specified, three new charges against the 18-year-old concern disrupting and preventing automatic processing of IT data to the detriment of the Ministry of Finance, the General Directorate for National Roads and Motorways and the Warsaw Metro company. He added that these events took place in January and April 2024.
The deputy district prosecutor in Płock admitted that the remaining evidence collected in the investigation is still being verified, in which the 18-year-old is currently the only suspect. However, he refused to provide the names of the entities – due to their nature and the interests of the proceedings – that had been identified earlier as the injured parties, and therefore the suspect was charged with the first five charges.
– Currently, the investigation covers a total of eight charges – noted prosecutor Bagiński.
The proceedings of the Płock District Prosecutor's Office concern Art. 268a. par. 1. of the Penal Code, which states that “whoever, without being authorized to do so, destroys, damages, deletes, changes or impedes access to IT data, or significantly disrupts or prevents the automatic processing, collection or transmission of such data, shall be subject to the penalty of imprisonment for up to 3 years.”
Grand Operation Eastwood
This investigation was initiated in February 2025 and was the only one in Poland that was part of a joint international operation code-named “Eastwood”, coordinated by Europol and targeting the NoName057 group(16).. Law enforcement agencies from Poland, the Czech Republic, France, Finland, the Netherlands, Germany, Lithuania, Spain, Sweden, Switzerland, Italy and the USA took part in this operation. It was supported by Eurojust and the European Union Agency for Cybersecurity, as well as Belgium, Canada, Estonia, Denmark, Latvia, Romania and Ukraine.
According to the Central Bureau for Combating Cybercrime, the international operation codenamed “Eastwood” lasted from July 14 to 17 and was coordinated by Europol. Private websites ShadowServer and abuse.ch also assisted in the operation. These actions “led to the disruption of the attack infrastructure consisting of over a hundred computer systems around the world, while a significant part of the group's central server infrastructure was disabled,” it reported, among others. in July 2025. Central Office for Combating Cybercrime.
Already during the proceedings against the 18-year-old, it was reported that he was an “active member” of a pro-Russian cybercriminal group on the Telegram messenger and “took active part in attacks on, among others, the websites of municipal transport companies, an online store and official domains of state authorities.” During DDoS – Distributed Denial of Service attacks, websites or online services were flooded with network traffic in order to overload them and make them unavailable. (PAP)
mb/ agz/
