Shielding critical infrastructure against cyberattacks: three suspected criminals identified
Bern, 16.07.2025 — The Office of the Attorney General (OAG) initiated criminal proceedings against persons unknown in response to a spate of DDoS attacks targeting a number of federal websites in June 2023, for which the pro-Russian collective "NoName057(16)" claimed responsibility. In the spring of 2025, several members of this collective could be identified following an extensive international investigation to which the OAG and fedpol contributed significantly. The OAG has broadened the criminal proceedings to include three ringleaders of this collective and issued warrants for their arrests. The operators of the more than 200 Swiss websites targeted where feasible received prior warning and support in warding off the attacks from the National Cyber Security Centre (NCSC). The whole process can be considered a success story, highlighting the value of international cooperation in the fight against cybercrime.
From 7 to 19 June 2023, a range of Swiss domains, including the Swiss parliamentary website, were targeted by DDoS attacks (Distributed Denial-of-Service) and temporarily became unavailable or largely unresponsive. In connection with these cyberattacks, the OAG initiated criminal proceedings against persons unknown in June 2023 on the charges of damage to data (Art. 144bis no. 1 para. 2 of the Swiss Criminal Code [SCC]) and coercion (Art. 181 SCC). Other significant DDoS attacks took place while the investigation was ongoing, most notably in connection with the following events:
- 15 June 2023: Video address by Ukrainian President Volodymyr Zelensky before a joint session of the Federal Assembly
- 25 November 2023: Visit to Ukraine by former Federal Councillor Alain Berset
- 15–19 January 2024: World Economic Forum (WEF)
- 15/16 June 2024: Summit on Peace at the Bürgenstock
- 20–24 January 2025: World Economic Forum (WEF)
- 16 May 2025: Eurovision Song Contest
Responsibility for all these DDoS attacks was claimed by "NoName057(16)", a collective of pro-Russian activists who, since the onset of the war in Ukraine in March 2022, has perpetrated a series of DDoS attacks against a large number of western states that it sees as espousing a pro-Ukrainian stance.
Intensive international investigations coordinated by Europol and initiated by fedpol have led to the identification of three alleged key members of the group. The OAG has therefore broadened its criminal proceedings to these three individuals, issuing warrants for their arrests, and will put the criminal proceedings against them on hold pending their detention.
International cooperation
A possible connection to the internationally active group was identified from the earliest investigatory stages, alongside the deployment of countermeasures to repel the initial attacks. In Switzerland the investigation identified more than 200 Swiss websites that had been targeted by the collective, several of which were federal or cantonal administrative units or operators of critical infrastructure. Where contactable, the operators of the websites targeted each received prior warning and support in warding off the attacks from the National Cyber Security Centre (NCSC).
Police raids took place in several countries as part of Europol-coordinated Action Day, during which properties were searched, networked computers seized, and arrests carried out. To date no resident individuals, nor any networked computers used in the attacks, have been identified on Swiss territory.
These results show that prosecution authorities are capable of identifying sophisticated cybercriminals and offering protection against their actions. The case provides further evidence of the vital role that international cooperation plays in combating cross-border cybercrime effectively. The OAG and fedpol thank all partners involved for the excellent and productive collaboration.
Original text of the press release in German.