Pro-Russia Hacktivist Activity Continues to Target UK Organisations
Summary:
The NCSC released an advisory warning that Russian-aligned hacktivist groups continue to target UK and global organizations with ideologically motivated cyberattacks designed to disrupt operations, take websites offline, and cripple key services. The January 2026 advisory highlighted worldwide campaigns against organizations and critical infrastructure, including frequent DDoS attacks on UK local government by NoName057(16), a pro-Russian hacktivist group.
NoName057(16) has been active since March 2022 and targets NATO member states and other European countries perceived as hostile to Russian interests. The group operates primarily via Telegram and has used platforms such as GitHub to host its proprietary DDoSia tool, a distributed denial-of-service platform that allows supporters to participate in coordinated attacks by installing client software that directs traffic at selected targets.
Security Officer Comments:
Although DoS attacks are technically less sophisticated, successful attacks can disrupt entire systems, costing organizations significant time, money, and operational resilience by having to analyze, defend against, and recover from them.
The NCSC previously warned about Russian-aligned cyber activity targeting UK organisations, issuing an alert in 2023 on the risks posed by state-aligned adversaries following Russia’s invasion of Ukraine. It continues to encourage organizations, particularly local authorities and critical national infrastructure operators, to strengthen cyber resilience and ensure they are prepared to defend against and respond to denial-of-service attacks.
Suggested Corrections:
Ensure your service providers are ready to deal with resource exhaustion in places where they are uniquely placed to help. We recommend you:
https://www.ncsc.gov.uk/news/pro-russia-hacktivist-activity-continues-to-target-uk-organisations
The NCSC released an advisory warning that Russian-aligned hacktivist groups continue to target UK and global organizations with ideologically motivated cyberattacks designed to disrupt operations, take websites offline, and cripple key services. The January 2026 advisory highlighted worldwide campaigns against organizations and critical infrastructure, including frequent DDoS attacks on UK local government by NoName057(16), a pro-Russian hacktivist group.
NoName057(16) has been active since March 2022 and targets NATO member states and other European countries perceived as hostile to Russian interests. The group operates primarily via Telegram and has used platforms such as GitHub to host its proprietary DDoSia tool, a distributed denial-of-service platform that allows supporters to participate in coordinated attacks by installing client software that directs traffic at selected targets.
Security Officer Comments:
Although DoS attacks are technically less sophisticated, successful attacks can disrupt entire systems, costing organizations significant time, money, and operational resilience by having to analyze, defend against, and recover from them.
The NCSC previously warned about Russian-aligned cyber activity targeting UK organisations, issuing an alert in 2023 on the risks posed by state-aligned adversaries following Russia’s invasion of Ukraine. It continues to encourage organizations, particularly local authorities and critical national infrastructure operators, to strengthen cyber resilience and ensure they are prepared to defend against and respond to denial-of-service attacks.
Suggested Corrections:
Ensure your service providers are ready to deal with resource exhaustion in places where they are uniquely placed to help. We recommend you:
- understand the denial of service mitigations that your ISP has in place on your account
- look into third-party DDoS mitigation services that can be used to protect against network traffic based attacks
- consider deploying a content delivery network, for web-based services
- understand when and how your service provider might limit your network access in order to protect their other customers
- consider using multiple service providers for some functionality
https://www.ncsc.gov.uk/news/pro-russia-hacktivist-activity-continues-to-target-uk-organisations