Cyber Threats: NCSC Warns of Russia-Linked DDoS Attacks
- Jan 20
Key Findings
The UK's National Cyber Security Centre (NCSC) has issued an alert regarding the persistent targeting of UK organizations by Russia-linked hacktivist groups.
These groups, such as NoName057(16), are carrying out Distributed Denial of Service (DDoS) attacks to disrupt networks, take websites offline, and disable services.
The attacks are ideologically motivated, reflecting an evolution in the threat landscape that now increasingly targets operational technology (OT) systems.
Organizations, particularly local governments and critical infrastructure operators, are being urged to review their defenses and improve their cyber resilience so they can prepare for and respond to these DoS attacks.
Background
The pro-Russian hacker group NoName057(16) has been active since 2022, launching frequent DDoS attacks against government and private organizations across NATO and Europe, including UK local councils.
Since 2023, the group has targeted Swedish government and banking sites, hit over 250 German entities in 14 attack waves, and disrupted events in Switzerland, including the Ukraine Peace Summit.
Dutch authorities have also linked the group to an attack during the recent NATO summit, though all incidents were mitigated without major disruptions.
The group has over 4,000 supporters and employs a self-built botnet composed of hundreds of servers. They spread propaganda and recruit through social media, forums, and niche chat apps.
Tactics and Targets
Pro-Russia hacktivist groups, including CARR, Z-Pentest, and NoName057(16), exploit poorly secured VNC connections to access OT devices in critical infrastructure, primarily in the water, food, agriculture, and energy sectors. The impact of these intrusions varies and includes physical damage.
Their attacks are less sophisticated and lower-impact than those of advanced persistent threat (APT) groups, but they can still disrupt systems and cause significant operational and financial damage.
NCSC Guidance
The NCSC urges organizations to strengthen their defenses against DoS attacks from these Russia-linked groups.
Recommendations include understanding weak points in services, using ISP and third-party DDoS protections, enabling scalable infrastructure, preparing response plans, and regularly testing and monitoring systems to detect and handle attacks quickly.
The NCSC also encourages all OT owners to follow recommended mitigation advice to harden their cyber defenses against these ideologically motivated threats.
Sources
https://securityaffairs.com/187095/hacktivism/uk-ncsc-warns-of-russia-linked-hacktivists-ddos-attacks.html
https://securityonline.info/ncsc-warns-of-russian-hacktivists-targeting-uk/
https://www.hendryadrian.com/ncsc-warns-of-russian-hacktivists-targeting-uk/
https://x.com/securityaffairs/status/2013527654876545391
https://www.bleepingcomputer.com/news/security/uk-govt-warns-about-ongoing-russian-hacktivist-group-attacks/
https://www.instagram.com/p/DTs1XvODprK/

