**UK NCSC Warns of Russia-Linked Hacktivists' Persistent DDoS Attacks**

The UK government has issued a warning about the ongoing threat from Russia-linked hacktivists, who are continuing to carry out distributed denial-of-service (DDoS) attacks against critical infrastructure and local government systems in the country.

According to an alert published by the National Cyber Security Centre (NCSC), these groups, which are aligned with the Russian state, have been targeting UK organisations since 2022. Their motivation is ideological, driven by opposition to Western support for Ukraine, rather than financial gain.

The NCSC warns that while DDoS attacks may seem simple in nature, they can still cause significant disruptions and damage to systems, operations, and finances. As a result, authorities are urging organisations, particularly local governments and critical infrastructure operators, to strengthen their defences and be prepared to respond to these types of attacks.

The alert comes after the NCSC and its partners warned about these groups targeting NATO and European countries in December 2025. Pro-Russian hacktivist group NoName057(16) has been particularly active since 2022, launching frequent DDoS attacks against government and private organisations across NATO and Europe, including UK local councils.

NoName057(16), which has over 4,000 supporters and employs a self-built botnet of hundreds of servers, spreads propaganda and recruits through social media, forums, and niche chat apps. They have also exploited poorly secured VNC connections to access operational technology (OT) devices in critical infrastructure, causing varying impacts, including physical damage.

The UK's NCSC has repeatedly warned about such Russian-linked, ideologically driven threats, noting that they now also target OT systems. The Centre urges organisations to strengthen their cyber defences and recommends understanding weak points in services, using ISP and third-party DDoS protections, enabling scalable infrastructure, preparing response plans, and regularly testing and monitoring systems.

"These attacks are ideologically (rather than financially) motivated, and reflect an evolution in the threat which now target UK operational technologies," continues the report. "As a result, the NCSC encourages all OT owners to follow recommended mitigation advice to harden their cyber defences."

Organisations affected by these attacks include:

• Swedish government and banking sites (2023)
• Over 250 German entities in 14 attack waves (2023)
• Dutch authorities linked them to an attack during the recent NATO summit
• Disrupted events in Switzerland, including the Ukraine Peace Summit

While these incidents were mitigated without major disruptions, they demonstrate the ongoing threat from Russia-linked hacktivists. The NCSC's warning serves as a reminder for organisations to be vigilant and take proactive steps to strengthen their cyber defences against these types of attacks.

**Recommendations:**

* Strengthen defences against DDoS attacks linked to Russia-linked groups * Understand weak points in services * Use ISP and third-party DDoS protections * Enable scalable infrastructure * Prepare response plans * Regularly test and monitor systems to detect and handle attacks quickly

**Stay informed:** Follow me on Twitter: @securityaffairs and Facebook and Mastodon for the latest news and updates on cybersecurity threats.