Changeflow GovPing Cybersecurity NCSC: Pro-Russia Hacktivists Target UK Organisa...
Priority review Guidance Added Final

NCSC: Pro-Russia Hacktivists Target UK Organisations with DDoS Attacks

Favicon for www.ncsc.gov.uk NCSC UK News
Detected March 13th, 2026
Email

Summary

The UK's National Cyber Security Centre (NCSC) has issued guidance warning that pro-Russia hacktivist groups, particularly NoName057(16), continue to target UK organisations with DDoS attacks. The NCSC urges local government and critical infrastructure operators to review and harden their denial-of-service defences.

View original document View source feed page

What changed

The UK's National Cyber Security Centre (NCSC) has issued a warning and guidance regarding ongoing Distributed Denial of Service (DDoS) attacks targeting UK organisations by pro-Russia hacktivist groups, notably NoName057(16). These attacks, which have been active since March 2022, aim to disrupt operations and take websites offline, with a particular focus on government and private sector entities in NATO member states and other European countries perceived as hostile to Russian interests. The NCSC highlights the use of Telegram and GitHub for sharing tactics and tools like DDoSia, and notes an evolution in targeting operational technologies.

Organisations, especially in local government and critical infrastructure sectors, are strongly encouraged to review and enhance their denial-of-service (DoS) defences. This includes understanding potential attack vectors within their services, ensuring upstream defences with service providers are robust (e.g., through third-party DDoS mitigation services or Content Delivery Networks), and building services to allow for rapid scaling. While no specific compliance deadline is mentioned, the guidance implies an immediate need to review and implement these security measures to mitigate ongoing threats.

What to do next

  1. Review and harden denial-of-service (DoS) defences against DDoS attacks.
  2. Understand potential attack points within service architecture and identify responsibilities.
  3. Evaluate and enhance upstream defences with Internet Service Providers and consider third-party DDoS mitigation services or Content Delivery Networks.

Source document (simplified)

News Download & print article PDF

Pro-Russia hacktivist activity continues to target UK organisations

The NCSC encourages local government and critical infrastructure operators to harden their ‘denial of service’ (DoS) defences

Russian-aligned hacktivist groups continue to target the UK and global organisations by attempting to disrupt operations, take websites offline and disable services.

In December 2025, the NCSC co-sealed an advisory highlighting that pro-Russian hacktivists groups have been conducting worldwide cyber operations against numerous organisations and critical infrastructure sectors.

In particular, the group NoName057(16) has been active since March 2022, and have been conducting attacks against government and private sector entities in NATO member states and other European countries that are perceived as hostile to Russian geopolitical interests. These attacks have included frequent DDoS attempts against UK local government.

The group operates primarily through Telegram channels and used GitHub (and other websites and repositories) to host the proprietary tool DDoSia, and to share tactics, techniques, and procedures (TTPs) with their followers.

This is not the first time that the NCSC has called out activity from Russian-aligned groups targeting UK organisations. In 2023, the NCSC published an alert on the risk posed by state-aligned adversaries following the Russian invasion of Ukraine. **** These attacks are ideologically (rather than financially) motivated, and reflect an evolution in the threat which now target UK operational technologies. As a result, the NCSC encourages all OT owners to follow recommended mitigation advice to harden their cyber defences.

Understand and mitigate denial of service (DoS) attacks

The NCSC is advising all organisations review their defences, and to improve resilience against attacks from Russian-aligned groups. In particular, we’re encouraging all organisations review their DoS protections, which includes:

Understanding your service

There are probably many points in your service where an attacker can attempt to overload or exhaust available resources, thereby preventing you from serving legitimate users. You should understand where these points are, and in each case, determine whether you, or a supplier, are responsible.

Upstream defences

Ensure your service providers are ready to deal with resource exhaustion in places where they are uniquely placed to help. We recommend you:

  • understand the denial of service mitigations that your ISP has in place on your account
  • look into third-party DDoS mitigation services that can be used to protect against network traffic based attacks
  • consider deploying a content delivery network, for web-based services
  • understand when and how your service provider might limit your network access in order to protect their other customers
  • consider using multiple service providers for some functionality

Building to allow scaling

To deal with attacks which can’t be handled upstream (or only once detected and blocked), make sure your service can rapidly scale. Ideally, you should be able to scale all aspects of your application and infrastructure. Cloud-native applications can be automatically scaled using the cloud providers’ APIs. In private data centres, automated scaling is possible using modern virtualisation, but this will require spare hardware capacity to deal with the additional load.

Defining your response plan

Design your service and plan your response to an attack so that it can continue to operate (albeit in a degraded fashion). We recommend your plan includes:

  • graceful degradation
  • dealing with changing tactics
  • retaining administrative access during an attack
  • having a scalable fall-back plan for essential services

Testing and monitoring your service

Gain confidence in your defences by testing them, and ensure you can spot when attacks start by having the right tools in place. Test your defences so you know the types (and volume) of attacks you are able to defend. System monitoring will help you spot attacks when they begin, and analyse your response while it’s underway.

For more information, please refer to the NCSC’s core Denial of Service (DoS) guidance. In addition, the NCSC encourage all organisations to review our heightened cyber threat guidance collection, in particular the guidance on actions to take when the cyber threat is heightened.

Download & print article PDF Share Share Facebook LinkedIn X Copy Link

Published

19 January 2026

Written for

Large organisations Public sector Cyber security professionals

News type

Alert

Was this article helpful?


Blog Post

9 Sep 2025

Cyber resilience matters as much as cyber defence

Why planning and rehearsing your recovery from an incident is as vital as building your defences
News

14 Jun 2023

NCSC and international partners shine a light on Lockbit ransomware threat

New advisory recommends mitigations for network defenders to take against the ransomware strain most globally deployed.
Blog Post

29 Mar 2022

Use of Russian technology products and services following the invasion of Ukraine

Cyber security – even in a time of global unrest – remains a balance of different risks. Ian Levy, the NCSC's Technical Director, explains why.

Related changes

Favicon for www.find-tender.service.gov.uk Land Development Tender for Affordable Housing in Maidstone
Priority review Mar 14, 2026 Find a Tender - Latest Notices Trade Procurement
Favicon for www.find-tender.service.gov.uk Newark And Sherwood District Council Cinema Provision Award
Routine Mar 14, 2026 Find a Tender - Latest Notices Trade Procurement
Favicon for www.find-tender.service.gov.uk Northern Ireland Housing Executive - Response Maintenance Procurement
Priority review Mar 14, 2026 Find a Tender - Latest Notices Trade Procurement
Favicon for wid.cert-bund.de CPython Vulnerabilities Allow Remote Code Execution
Priority review Mar 13, 2026 CERT-Bund Security Advisories Vulnerability Alerts
Favicon for wid.cert-bund.de Vim Vulnerability Allows Code Execution (CVSS 6.6)
Priority review Mar 13, 2026 CERT-Bund Security Advisories Vulnerability Alerts
Favicon for wid.cert-bund.de FreeRDP Vulnerabilities - Remote Code Execution
Priority review Mar 13, 2026 CERT-Bund Security Advisories Vulnerability Alerts

Source

Favicon for www.ncsc.gov.uk
NCSC UK News ncsc.gov.uk/api/1/services/v1/news-rss-feed.xml
Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various UK Agencies
Instrument
Guidance
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Government agencies Energy companies Manufacturers
Geographic scope
UK

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Critical Infrastructure DDoS Attacks Geopolitics

Browse Categories

Federal Courts 26 State Courts 91 Securities Regulation 6 Financial Regulation 43 Consumer Protection 5 Drug Safety 45 Data Protection 21 Competition 2 Attorneys General 3 Insurance Regulation 5 Trade & Export 36 Legislation 42 Energy Regulation 13 Environment 3 Labor & Employment 2 Tax 1

Get Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when NCSC UK News publishes new changes.

Free. Unsubscribe anytime.