Hacktivists Intensify Disruptive Cyber Pressure on UK Organisations

Our Cyber Security Director, Lance Nevill, highlights the warning issued recently of disruptive cyber attacks against UK organisations, with local government bodies and operators of critical national infrastructure identified as primary targets

The alert, published by the UK National Cyber Security Centre (NCSC), part of GCHQ, highlights a campaign by Russian state-aligned hacktivist groups. Their objective is clear: to disrupt operations, take websites offline, and disable essential services through denial-of-service (DoS) attacks.

Some people consider these “low sophistication” attacks compared to complex ransomware strains, but their ability to erode trust and stop public services makes them a serious threat to operational resilience.

NoName057(16) and DDoSia

In December 2025, the NCSC co-sealed an advisory with international partners warning of global cyber operations conducted by pro-Russian groups. One group, NoName057(16), has been particularly aggressive since March 2022.

Operating primarily through Telegram channels, this group targets nations perceived as hostile to Russian geopolitical interests, some consider these to be those supporting Ukraine. They utilise DDoSia, a proprietary tool shared via platforms like GitHub, to crowdsource attacks. This means they can overwhelm websites with traffic, creating bottlenecks that legitimate users cannot bypass.

Gary Barlet, Public Sector CTO at Illumio, notes the escalation:

“Modern supply chains and critical infrastructure are deeply interconnected, making disruption easier than ever. Hacktivists have successfully targeted essential services across Europe for years, and with rising geopolitical tensions in 2026, these attacks are likely to escalate.”

Why “Low Tech” Still Means High Risk

At Mondas, we sometimes see organisations underestimate DoS attacks because they rarely involve data theft. However, the impact on business continuity can be just as damaging.

“The danger here isn’t necessarily sophistication; it’s persistence and volume,” says Lance Nevill, Cyber Security Director at Mondas. “These hacktivists aren’t looking for a payout, they are often ideologically driven. This means they’re harder to negotiate with and harder to predict. They want to cause maximum public embarrassment and operational paralysis.”

Nevill emphasises that while a DoS attack might not breach your database, it does breach your reliability. “If a resident can’t access local council services, or a supply chain partner can’t access your portal, the reputational damage is immediate. Resilience is no longer just about keeping intruders out; it’s about ensuring your service stays up.”

Building Cyber Resilience in 2026

The NCSC urges all organisations, especially those in the public sector and critical infrastructure, to review their DoS protections immediately.

At Mondas, we advocate for a Secure-by-Design approach that moves beyond basic firewalls. To counter modern volumetric attacks, organisations must adopt:

Conclusion

The NCSC’s alert is a timely reminder that the cyber threat landscape is evolving. As geopolitical tensions continue to influence cyber activity, UK organisations must shift their mindset from “if” to “when.”

Is your organisation prepared to withstand a sustained DoS campaign? Contact Mondas today to assess your cyber resilience and ensure your critical services remain online, regardless of the threat.

This article was brought to you by Lance Nevill, Cyber Security Director at Mondas. Read more on the NCSC alert here: 🔗NCSC News. Original report here: 🔗Infosecurity Magazine.