The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive denial-of-service (DDoS) attacks.
The attacks are aimed at taking websites offline and disabling services, the UK’s National Cyber Security Centre (NCSC) says in an alert today. Despite lacking sophistication, a DDoS attack can cause high costs for a targeted organization.
“Although DoS attacks are typically low in sophistication, a successful attack can disrupt entire systems, costing organisations significant time, money, and operational resilience by having to analyse, defend against, and recover from them,” the cyber agency notes.
The NCSC refers to a particular DDoS threat actor, the infamous NoName057(16), known as a pro-Russian hacktivist group that has been active since March 2022.
The actor is operating the DDoSia project, a platform that allows volunteers to contribute computing resources to carry out crowdsourced DDoS attacks and receive monetary rewards or recognition from the community.
An international law enforcement operation dubbed “Operation Eastwood” disrupted NoName057(16)’s activity in mid-July 2025 by arresting two members of the group, issuing eight arrest warrants, and taking down 100 servers.
However, with the main operators of the group out of reach, believed to be residing in Russia, the cybercriminals were able to return to action, as corroborated by the NCSC’s latest bulletin.
The agency notes that NoName057(16) is ideologically motivated rather than driven by financial gain, and represents an evolving threat that is also affecting operational technology (OT) environments. A dedicated security guide for OT owners is shared here.
To mitigate DDoS risks, the NCSC advises organizations to:
- Understand their services to identify potential resource-exhaustion points and responsibility boundaries.
- Strengthen upstream defenses, including ISP mitigations, third-party DDoS protection, CDNs, and provider-imposed safeguards, and consider redundancy with multiple providers.
- Design for rapid scaling, using cloud auto-scaling or virtualization with spare capacity.
- Define and rehearse response plans that support graceful degradation, adapt to changing attacker tactics, retain admin access, and ensure scalable fallbacks for essential services.
- Test and monitor continuously to detect attacks early and validate the effectiveness of defenses.
Russian hacktivists have represented an increased threat since 2022, as the threat actors are targeting organizations in the public and private sectors in NATO member states and other countries in Europe that take a stance against “Russia’s geopolitical ambitions.”
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.