UK warns of sustained cyberthreat from pro-Russian hacktivists

Steven

UK warns of sustained cyberthreat from pro-Russian hacktivists

Summary

Britain’s National Cyber Security Centre (NCSC) has warned that pro-Russian hacktivist groups continue to carry out disruptive cyberattacks against UK and international organisations. The advisory highlights repeated distributed denial-of-service (DDoS) campaigns against local government bodies and other public- and private-sector targets. One named actor, NoName057(16), has been active since 2022 and uses Telegram channels and platforms such as GitHub to distribute a custom DDoS tool called DDoSia and to coordinate supporters.

The NCSC’s warning echoes a December advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), which described opportunistic, low-impact attacks against critical infrastructure sectors including water, food, agriculture and energy. Although these hacktivist operations are typically less sophisticated than state-sponsored campaigns, authorities stress they can still cause real-world disruption and occasionally physical damage.

Key Points

  • The NCSC warns of ongoing disruptive activity by Russia-aligned hacktivist groups targeting UK and international organisations.
  • Repeated DDoS attacks have targeted British local government bodies and service providers.
  • NoName057(16), active since 2022, is named as a persistent actor using Telegram and GitHub to share tools and tactics.
  • Attackers are ideologically motivated rather than financially driven and are increasingly focusing on systems that support critical services.
  • CISA issued a related advisory noting opportunistic attacks on critical infrastructure sectors — low technical sophistication but real disruption risk.
  • Authorities warn that even low-sophistication hacktivism can have tangible operational and safety impacts on affected sectors.

Content summary

The NCSC advisory sets out that pro-Russian hacktivists continue to target UK organisations with disruptive measures such as DDoS, aiming to take websites offline and interfere with operations. NoName057(16) is highlighted as a repeat offender that leverages public platforms to distribute a DDoS capability and coordinate supporters. The bulletin aligns with similar US guidance from CISA, which observed opportunistic attacks against elements of global critical infrastructure. While these groups do not usually show the technical sophistication of state actors, their ideologically driven activity still poses a clear risk to services and communities.

Context and relevance

This advisory matters if you run or protect UK-facing services, operate critical infrastructure or work in IT/security operations. It underlines a broader trend: hacktivist activity tied to geopolitical conflicts has become more persistent and is targeting the backbone of services, not just websites. The use of widely available platforms (Telegram, GitHub) and off-the-shelf tools means the barrier to entry is low, so organisations should treat these threats as persistent nuisances that can escalate into operational incidents.

Author style

Punchy: Short, sharp and timely — this is one to pay attention to. The NCSC naming actors and methods is a clear signal that defenders should treat the activity as sustained, not a one-off. If you manage services or infrastructure, the advisory is effectively a nudge to check defences and incident plans now rather than later.

Why should I read this?

Quick take: if you care about running services in the UK or Europe, read this. It tells you that pro-Russian hacktivists are persistent, using easy-to-access channels and tools to cause disruption — so even modest resources can lead to real problems for public services and critical sectors.

Source

Source: https://therecord.media/uk-ncsc-warning-russia-aligned-hacktivist-groups