Key Takeaways
- The U.K.’s National Cyber Security Centre has warned of pro-Russia hacktivists targeting critical infrastructure providers and local governments with malicious activity.
- The threats are linked to perceived support of Ukraine and have prompted U.K. officials to urge security teams to review their defense postures and improve resilience.
- The warning specifically references a hacktivist group called NoName057(16), which has been engaged in attacks targeting private sector and government agencies in NATO member states and other European countries since 2022.
- Security experts expect to see an escalation in threat activity from hacktivist groups over the course of 2026, characterized by an emerging trend of "escalatory hacktivism".
Introduction to the Threat
The U.K.’s National Cyber Security Centre (NCSC) has issued a warning about pro-Russia hacktivists targeting critical infrastructure providers and local governments with malicious activity designed to cause disruption. This warning comes as direct military attacks have escalated amid efforts by the Trump administration to seek an end to the conflict in Ukraine. The NCSC has urged security teams to review their defense postures and take steps to improve resilience, warning that they should be prepared for potential denial of service attacks. This warning is not the first of its kind, as a joint advisory was issued just over a month ago by Western cyber authorities, including the Cybersecurity and Infrastructure Security Agency, the FBI, and other international agencies, warning of Russia hacktivist threats.
The Hacktivist Group NoName057(16)
The newly issued U.K. warning specifically references a hacktivist group called NoName057(16), which has been engaged in attacks targeting private sector and government agencies in NATO member states and other European countries since 2022. This group has frequently targeted local governments in the U.K. and operates mostly through Telegram, using GitHub to host a proprietary tool called DDoSia. The group’s activities are characterized by their use of denial of service attacks, which are designed to overwhelm a website or network with traffic in order to make it unavailable to users. This type of attack can have significant consequences for critical infrastructure providers and local governments, as it can disrupt essential services and cause significant financial losses.
Escalatory Hacktivism
Security experts have warned that they expect to see an escalation in threat activity from hacktivist groups over the course of 2026. This escalation is characterized by an emerging trend that has been dubbed "escalatory hacktivism", where groups align with state-backed narratives and contribute to their host state’s hybrid warfare efforts. This type of hacktivism is particularly concerning, as it has the potential to cause significant disruption and damage to critical infrastructure providers and local governments. Ric Derbyshire, principal security researcher at Orange Cyberdefense, has noted that this expansion is precisely the behavior that the NCSC is warning about, and that it highlights the need for security teams to be vigilant and proactive in their defense against these types of threats.
Previous Warnings and Attacks
The joint advisory issued in December referenced other hacktivist groups, including Sector16, Z-Pentest, and the Cyber Army of Russia Reborn, which has been linked to prior attacks against water utilities in the U.S. These groups have been engaged in a range of activities, including denial of service attacks, data breaches, and malware infections. The warnings issued by the NCSC and other cyber authorities highlight the need for security teams to be aware of the potential threats posed by these groups and to take steps to protect themselves against these types of attacks. This includes reviewing their defense postures, improving resilience, and being prepared for potential attacks.
Conclusion and Recommendations
In conclusion, the warning issued by the NCSC highlights the need for security teams to be vigilant and proactive in their defense against pro-Russia hacktivists. The threat posed by these groups is significant, and has the potential to cause disruption and damage to critical infrastructure providers and local governments. Security teams should review their defense postures and take steps to improve resilience, including being prepared for potential denial of service attacks. By taking these steps, security teams can help to protect themselves against the threats posed by pro-Russia hacktivists and ensure the continuity of essential services. It is also important for security teams to stay informed about the latest threats and trends, and to be aware of the potential risks posed by hacktivist groups. By working together and sharing information, security teams can help to prevent attacks and protect against the threats posed by pro-Russia hacktivists.
