The UK government warns Russia-linked hacktivists are still carrying out DDoS attacks on critical infrastructure and local government systems
The UK government warns that Russia-linked hacktivists are continuing DDoS attacks against critical infrastructure and local government systems.
“Today, 19th January 2026, the National Cyber Security Centre (NCSC) – a part of GCHQ – has issued an alert highlighting the persistent targeting of UK organisations by Russian state-aligned hacktivist groups aiming to disrupt networks.” reads the alert published by NCSC. “Organisations, particularly local government authorities and operators of critical national infrastructure, are being encouraged to review their defences and improve their cyber resilience by preparing and being able to respond to denial of service (DoS) attacks. “
Authorities are urging organizations, especially local governments and critical infrastructure operators, to strengthen defenses and be ready to respond to DoS attacks.
While these attacks are technically simple, they can still disrupt systems and cause major operational and financial damage. The alert says the ongoing attacks come from Russian-aligned hacktivist groups motivated by ideology and opposition to Western support for Ukraine, not money. In December 2025, the NCSC and partners warned these groups were targeting NATO and European countries.
Pro-Russia hacktivist group NoName057(16) has been active since 2022, launching frequent DDoS attacks against government and private organizations across NATO and Europe, including UK local councils.
The pro-Russian hacker group NoName057(16) has ramped up DDoS attacks against countries supporting Ukraine, many of them NATO members. Since 2023, they’ve targeted Swedish government and banking sites, hit over 250 German entities in 14 attack waves, and disrupted events in Switzerland, including the Ukraine Peace Summit. Dutch authorities also linked them to an attack during the recent NATO summit. Thankfully, all incidents were mitigated without major disruptions.
The pro-Russian hacker group has over 4,000 supporters and employed a self-built botnet composed of hundreds of servers. The group spreads propaganda and recruits through social media, forums, and niche chat apps. Using platforms like DDoSia, they lower technical barriers.
Pro-Russia hacktivist groups like CARR, Z-Pentest, and NoName057(16) exploit poorly secured VNC connections to access OT devices in critical infrastructure, causing varying impacts, including physical damage, primarily targeting water, food, agriculture, and energy sectors. Their attacks are less sophisticated and lower-impact compared to APT groups.
The UK’s NCSC has repeatedly warned about such Russian-linked, ideologically driven threats, noting they now also target operational technology systems. It urges organizations to strengthen their cyber defenses.
“These attacks are ideologically (rather than financially) motivated, and reflect an evolution in the threat which now target UK operational technologies.” continues the report. “As a result, the NCSC encourages all OT owners to follow recommended mitigation advice to harden their cyber defences.”
The UK NCSC urges organizations to strengthen defenses against DoS attacks linked to Russia-linked groups. It recommends understanding weak points in services, using ISP and third-party DDoS protections, enabling scalable infrastructure, preparing response plans, and regularly testing and monitoring systems to detect and handle attacks quickly.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, Russia-linked hacktivists)
