Russian-aligned hacktivist groups continue to target the UK and global organisations by attempting to disrupt operations, take websites offline and disable services, according to the UK official NCSC (National Cyber Security Centre).
In December 2025, the NCSC was among official bodies that released an advisory highlighting that pro-Russian hacktivists groups have been conducting worldwide cyber operations against numerous organisations and critical infrastructure sectors.
In particular, the group NoName057(16) has been active since March 2022, and has been conducting attacks against government and private sector entities in NATO member states and other European countries that are perceived as hostile to Russian geopolitical interests, NCSC adds. The NCSC encourages all organisations to review its heightened cyber threat guidance collection, in particular the guidance on actions to take when the cyber threat is heightened.
As the authorities say, denial of service (DoS) attacks, although typically low in sophistication, can if successful disrupt entire systems, costing organisations time, money, and operational resilience by having to analyse, defend against, and recover from them. NCSC Director of National Resilience, Jonathon Ellison said: “By overwhelming important websites and online systems, these attacks can prevent people from accessing the essential services they depend on every day. All organisations, especially those identified in today’s alert, are urged to act now by reviewing and implementing the NCSC’s freely available guidance to protect against DoS attacks and other cyber threats.”
Comments
Christiaan Beek, Senior Director of Threat Intelligence and Analytics at the cyber firm Rapid7, said: “NoName057(16) consistently targets organisations where availability is closely tied to public trust, particularly local government websites, civic services, and other public-facing infrastructure.
“While the group presents itself as a grassroots hacktivist collective, the timing of its campaigns and the close alignment of its targeting with Russian geopolitical objectives mean we cannot rule out some level of state encouragement, coordination, or tacit approval. This reflects a broader trend in modern cyber operations, where hacktivist activity operates in a grey zone between independent activism and strategic state interests.”
Dr Ric Derbyshire, Principal Security Researcher at Orange Cyberdefense described the NCSC’s warning as sadly unsurprising; and highlighting the pace at which hacktivism is escalating into a strategic concern. He said: “I believe that we will see hacktivism continue to become more pervasive and consequential over the course of this year. This expansion is characterised by an emerging trend that we call escalatory hacktivism, where groups align with state-backed narratives and contribute to their host state’s hybrid warfare efforts — precisely the behaviour the NCSC is warning about. That strategic focus, coupled with chasing the ‘cyber-dragon’ of infamy, has pushed such hacktivist groups toward attacking operational technology environments, including those within local government and critical infrastructure.
“The UK must anticipate a further increase in both frequency and severity of attacks on critical infrastructure, with more pronounced physical effects. Defenders currently contend with IT-based ransomware from cybercriminals and state-driven pre-positioning or espionage, but they must prepare for a diversification of attacks from hacktivist groups that emphasise overt disruption.”
And Gary Barlet, Public Sector CTO at Illumio, said: “Modern supply chains and critical infrastructure are deeply interconnected, making disruption easier than ever. Hacktivists have successfully targeted essential services across Europe for years, and with rising geopolitical tensions in 2026, these attacks are likely to escalate.
“Downtime is the driving force not just behind hacktivist activity, but behind most cyber-criminal campaigns. We need a new way of dealing with DoS attacks. For too long, we have focused solely on prevention, and this approach has not worked.
“The NCSC’s advice signals a change by recommending that plans include retaining administrative access and implementing full-scale backup plans. However, there needs to be an entire mindset shift within critical infrastructure organisations to focus on prioritising impact mitigation and maintaining service and operational uptime.”
More in the February 2026 edition of Professional Security Magazine.
