Do Son 
The UK’s National Cyber Security Centre (NCSC) has issued a warning regarding the persistent threat posed by Russian-aligned hacktivist groups. In a recent alert, the NCSC highlighted a concerted effort by these groups to “disrupt operations, take websites offline and disable services” across the UK and globally.
At the center of this activity is a group known as NoName057(16). Active since March 2022, this group has explicitly targeted government and private sector entities in NATO member states and other nations “perceived as hostile to Russian geopolitical interests”.
The group’s tactics are relatively simple but effective, relying on Distributed Denial of Service (DDoS) attacks to overwhelm target networks. The alert notes that these attacks have frequently targeted “UK local government”.
“The group operates primarily through Telegram channels and used GitHub (and other websites and repositories) to host the proprietary tool DDoSia, and to share tactics, techniques, and procedures (TTPs) with their followers.”
Unlike criminal gangs motivated by ransom payments, these attackers are driven by ideology. The NCSC emphasizes that these operations are “ideologically (rather than financially) motivated,” reflecting an evolution in the threat landscape that now increasingly targets operational technologies (OT).
While financial attackers might negotiate, ideological attackers are focused solely on disruption and reputational damage.
To combat these DDoS waves, the NCSC advises organizations to focus on resilience and scalability. The alert recommends that defenders “make sure your service can rapidly scale,” utilizing cloud-native APIs or modern virtualization to absorb the additional load.
Furthermore, organizations are urged to have a robust response plan that includes “graceful degradation” of services, ensuring that essential functions can continue even if the wider system is under stress.
The NCSC encourages all organizations, particularly those managing operational technology, to review their “heightened cyber threat guidance” and harden their defenses against this ongoing geopolitical threat.
Related Posts:
- Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER
- Operation Eastwood: Europol Leads Massive Global Crackdown on Pro-Russian Cybercrime Group NoName057(16)
- NoName057(16): Russia’s DDoS Disruptors Target the West
- China Targets U.S. Tech Startups through Investments, NCSC Reveals
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
