NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public services
Russia-linked hacktivists are increasingly trying to cause chaos for UK organizations
Pro-Russia hacktivists are targeting local government and critical infrastructure in the UK, the National Cyber Security Centre (NCSC) has warned.
In an advisory this week, the security agency issued an alert over increased DDoS attacks by state-aligned groups. These attacks are ideologically motivated, driven by Western support for Ukraine rather than by financial gain, and aren't directly controlled by the state.
"We continue to see Russian-aligned hacktivist groups targeting UK organizations, and although denial-of-service attacks may be technically simple, their impact can be significant," said NCSC director of national resilience Jonathon Ellison.
"By overwhelming important websites and online systems, these attacks can prevent people from accessing the essential services they depend on every day."
In particular, the NCSC cites the NoName057(16) group, active since March 2022, and operating mainly through Telegram channels. It uses GitHub, along with other websites and repositories, to host the proprietary DDoS tool, DDoSia, and to share tactics, techniques, and procedures (TTPs) with its followers.
NoName057(16) has carried out numerous attacks against government bodies and the private sector in countries perceived as hostile to Russian geopolitical interests, including frequent DDoS attempts against UK local authorities.
"NoName057(16) consistently targets organisations where availability is closely tied to public trust, particularly local government websites, civic services, and other public-facing infrastructure," said Christiaan Beek, senior director of threat intelligence and analytics at Rapid7.
"While the group presents itself as a grassroots hacktivist collective, the timing of its campaigns and the close alignment of its targeting with Russian geopolitical objectives mean we cannot rule out some level of state encouragement, coordination, or tacit approval."
Russian hacktivists are an ever-present threat
Russian hacktivism isn't a new problem. In 2023, the NCSC published an alert on the risk posed by state-aligned adversaries following the Russian invasion of Ukraine.
In December, alongside international partners, it co-sealed an advisory which called out pro-Russian hacktivist groups for targeting government and private sector entities.
The NCSC advises organizations to take preventative action – with the first steps being to discover weak points and look for help from upstream service providers.
To deal with attacks that can't be handled upstream, or that can be handled only once detected and blocked, they should make sure their service can scale rapidly.
Similarly, the agency said organizations should define a response plan, covering graceful degradation of services, dealing with changing tactics, retaining administrative access during an attack and having a scalable fallback plan for essential services.
Gary Barlet, public sector CTO at Illumio, welcomed the focus on mitigation as well as prevention.
"We need a new way of dealing with DoS attacks. For too long, we have focused solely on prevention, and this approach has not worked," he said.
"The NCSC’s advice signals a change by recommending that plans include retaining administrative access and implementing full-scale backup plans. However, there needs to be an entire mindset shift within critical infrastructure organizations to focus on prioritizing impact mitigation and maintaining service and operational uptime."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.

