Overview
- A new NCSC alert says Russia‑aligned hacktivist campaigns continue to disrupt UK organisations, with local authorities and critical national infrastructure singled out as high‑risk targets.
- The activity is primarily denial‑of‑service operations that are technically simple yet capable of taking services offline and imposing significant recovery costs.
- NoName057(16) remains active through its crowdsourced DDoSia platform despite a July 2025 Europol action that seized servers and made arrests, according to the alert.
- Officials note an evolution toward targeting operational technology and highlight common weaknesses such as unpatched systems and exposed VNC connections in CNI environments.
- Guidance urges upstream DDoS mitigation, CDNs, multi‑provider redundancy, scalable architectures, rehearsed response playbooks, and continuous testing, with the UK also funding a £210 million Government Cyber Action Plan to bolster resilience.