UK warns of sustained cyberthreat from pro-Russian hacktivists
Britain’s cyber watchdog warned on Monday that Russian-aligned hacktivist groups are continuing to target U.K. and international organizations with disruptive cyberattacks.
The National Cyber Security Centre (NCSC) highlighted how pro-Russian groups have attempted to take websites offline, disrupt services and interfere with operations across the public and private sectors, including through repeated distributed denial-of-service (DDoS) attacks against British local government bodies.
One of the groups named in the advisory, NoName057(16), has been active since the early days of Russia’s full-scale invasion of Ukraine in 2022. It has repeatedly targeted government agencies and private companies in NATO countries and other European states that Moscow views as hostile to its geopolitical interests.
British authorities said the group operates largely through Telegram channels and has used platforms such as GitHub to host and distribute its custom tool, known as DDoSia, as well as to share tactics and techniques with supporters.
This is not the first time the NCSC has warned about cyberthreats from Russian-aligned actors. In 2023, the agency issued an alert about the growing risks posed by state-aligned adversaries following the invasion, noting that ideologically driven attacks were increasingly targeting U.K. operational technology systems.
Officials said the hacktivists are motivated by ideology rather than profit and are increasingly focusing on systems that underpin critical services.
The warning echoes a separate advisory issued in December by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which said pro-Russian hacktivists were conducting opportunistic, low-impact attacks against global critical infrastructure.
U.S. officials noted that such groups typically carry out less sophisticated operations than state-sponsored hackers, but warned their activity can still cause real-world disruption — and in some cases physical damage. Sectors targeted have included water and food systems, agriculture and energy.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.