The UK’s National Cyber Security Centre reports ongoing cyber operations by Russian-aligned hacktivist groups targeting organizations in the UK and abroad.
NoName057(16) remains active
In December 2025, the NCSC co signed an advisory warning that pro-Russian hacktivist groups were conducting cyber operations worldwide against organizations and critical infrastructure sectors.
One group highlighted by the NCSC is NoName057(16), which has been active since March 2022. The group has targeted government and private sector entities across NATO member states and other European countries viewed as hostile to Russian geopolitical interests.
UK local government bodies have appeared frequently in the group’s campaigns. Attacks against council websites and online services have largely taken the form of DDoS activity.
The group operates mainly through Telegram channels, where it coordinates activity and posts claims of responsibility. It has also used GitHub and other code hosting platforms to distribute its proprietary DDoSia tool and share tactics, techniques, and procedures with supporters.
NCSC urges renewed focus on disruption resilience
The NCSC is urging organizations to review their defensive posture and strengthen operational resilience, with a particular emphasis on strengthening DoS protections.
The UK has recently announced a new Government Cyber Action Plan aimed at making online public services more secure and resilient, allocating £210 million (approximately $283 million) for its implementation.
“The NCSC’s warning of Russian-aligned hacktivist groups disrupting the UK economy is concerning, but sadly unsurprising. The fact that this warning is emerging so early in 2026 highlights the pace at which hacktivism is escalating into a strategic concern. I believe that we will see hacktivism continue to become more pervasive and consequential over the course of this year,” Dr Ric Derbyshire, Principal Security Researcher, Orange Cyberdefense, told Help Net Security.
“This expansion is characterized by an emerging trend that we call escalatory hacktivism, where groups align with state-backed narratives and contribute to their host state’s hybrid warfare efforts — precisely the behavior the NCSC is warning about. That strategic focus, coupled with chasing the ‘cyber-dragon’ of infamy, has pushed such hacktivist groups toward attacking operational technology environments, including those within local government and critical infrastructure,” Derbyshire explained.
“The UK must anticipate a further increase in both frequency and severity of attacks on critical infrastructure, with more pronounced physical effects. Defenders currently contend with IT-based ransomware from cybercriminals and state-driven pre-positioning or espionage, but they must prepare for a diversification of attacks from hacktivist groups that emphasise overt disruption,” Derbyshire concluded.