News: 1768829867

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Don't underestimate pro-Russia hacktivists, warns UK's cyber crew

(2026/01/19)


The UK's National Cyber Security Centre (NCSC) is once again warning that pro-Russia hacktivists are a threat to critical services operators.

The cyber arm of the UK's sigint specialists at GCHQ specifically highlighted local authorities, including regional governments, and critical national infrastructure (CNI) organizations as being at an acute risk of hacktivist denial of attacks.

These are typically denial-of-service (DoS) in nature, but the cyber defense crew warned orgs not to underestimate the damage these simple attacks can do.

[1]

In a fresh alert published on Monday, the NCSC said DoS attacks on Russia's usual targets can disrupt entire systems, and also hit operators with financial and productivity costs when they are recovering from them.

[2]

[3]

All organizations should be working to improve their resilience to DoS attacks, the agency said, and not just local authorities and CNI organizations.

Jonathon Ellison, director of national resilience at the NCSC, said: "We continue to see Russian-aligned hacktivist groups targeting UK organizations, and although denial-of-service attacks may be technically simple, their impact can be significant.

[4]

"By overwhelming important websites and online systems, these attacks can prevent people from accessing the essential services they depend on every day.

He said all organizations "especially those identified in today's alert", must act now by "reviewing and implementing the NCSC's freely available guidance to protect against DoS attacks and other cyber threats."

The alert comes almost exactly a month after the UK co-signed an [5]advisory , alongside other international partners, warning of the same threat to CNI from pro-Russia hacktivists.

[6]

The advisory named the [7]Cyber Army of Russia Reborn (CARR), Z-Pentest, and Sector16 as some of the groups responsible for the attacks on Western organizations.

The law enforcement partners also included [8]NoName057(16) in the list, the only group that the NCSC mentioned in its standalone advisory on Monday.

NoName057(16) is a particularly persistent outfit, known in the UK to target a small list of organizations for days at a time. The attacks carried out by its members routinely knock council websites offline for various lengths of time, although significant, long-term impacts are rarely recorded.

Pro-Russia hacktivists of all stripes are known for overblowing the impact of their digital nuisance-making, the NCSC said, and regularly make false and/or misleading claims about the results of attacks on CNI organizations, dressing up minor intrusions as DEFCON 1-grade carnage.

The importance of shoring up system security is illustrated by typical hacktivist tradecraft. Attackers are [9]rarely sophisticated in the way they go about things, often relying on opportunism rather than ingenuity.

They prey on those with unpatched software bugs or insecure VNC connections, which are used frequently in CNI settings.

The NCSC recommended that all organizations should look into third-party DDoS-mitigation services to prevent these attacks, as well as using a content delivery network (CDN) for web services.

In its [10]advisory , CISA said that using multiple service providers for certain functionality can help maintain uptime during periods of attack, as well as including many more items for at-risk entities to check off their lists.

[11]Businesses in 2026: Maybe we should finally look into that AI security stuff

[12]Around 1,000 systems compromised in ransomware attack on Romanian water agency

[13]Honeypots can help defenders, or damn them if implemented badly

[14]Putinswap: France trades alleged ransomware crook for conflict researcher

Russia is often cited as one of the UK's most ardent geopolitical adversaries. National security officials have [15]previously described the threat presented by Putin's regime as the foremost threat facing the West today, while China is often referred to as an [16]epoch-defining challenge for the longer term.

MI6 director Blaise Metreweli said in December that the UK is currently operating in a grey zone between peace and war with regard to Russia, just below the threshold of war.

Baroness Manningham-Buller, former director general of MI5, however, said in September that she believes [17]the UK may already be at war with Russia , albeit an undeclared one.

The Register asked the NCSC for more information. ®

Get our [18]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aW5jOjTVGpasd3I8RghLtgAAAtA&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aW5jOjTVGpasd3I8RghLtgAAAtA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aW5jOjTVGpasd3I8RghLtgAAAtA&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aW5jOjTVGpasd3I8RghLtgAAAtA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-343a

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aW5jOjTVGpasd3I8RghLtgAAAtA&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[7] https://www.theregister.com/2024/07/22/russians_sanctioned_over_cyberattacks/

[8] https://www.theregister.com/2025/06/20/oxford_city_council_breach/

[9] https://www.theregister.com/2025/12/11/cybervolk_ransomware_is_back/

[10] https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-343a

[11] https://www.theregister.com/2026/01/12/ai_security_wef_survey/

[12] https://www.theregister.com/2025/12/22/around_1000_systems_compromised_in/

[13] https://www.theregister.com/2025/12/14/infosec_news_in_brief/

[14] https://www.theregister.com/2026/01/09/alleged_russian_ransom_payment_negotiator/

[15] https://www.theregister.com/2025/12/19/uk_foreign_office_hack/

[16] https://www.theregister.com/2024/05/16/the_uks_alarm_over_china/

[17] https://www.theregister.com/2025/09/29/uk_russia_cyber_war/

[18] https://whitepapers.theregister.com/


Perhaps the NCSC should open its eyes

VoiceOfTruth

The USA is currently threatening an ally. The USA is currently threatening to impose economic warfare against us.

The NCSC apparently doesn't have any problems with American access to all our data and systems. So I'll take what they say with a few tons of salt.

Russian hacktivists

Pascal Monett

They haven't done muck to help take over Ukraine in the last four years of the 3-week "special military operation", now have they ?

Instead of whining about Russian hacktivists, the USA would do better to harden access to its infrastructure - which is only something that specialists have been warning about for about a decade, at a minimum.

It's no use going to cry about your security if your lock is 100 years old and can be picked with a hairpin.

Re: Russian hacktivists

Anonymous Coward

Why should the USA harden it's infrastructure? This is about the activities of it's ally, Russia, against British infrastructure.

@AC - Re: Russian hacktivists

Anonymous Coward

You mean British infrastructure in Ukraine ?

Water

elsergiovolador

They say water is wet, but think pigs fly in the sky.

This is WTF level of incompetence. Have they heard of Cloud Act? Do they know the US administration is compromised by Russia?

Do they know very much all government systems are open for US Security Services to be rummaged through without their knowledge?

Just wow.

VoiceOfTruth

Russia was our ally against Nazi Germany. Four seconds later, Britain wanted to be at war with Russia again.

Russia has never invaded Britain. Britain has invaded Russia several times.

Ken G

The USSR was Nazi Germany's ally against Poland. Later it was the UK's ally against Nazi Germany. Later still it was the occupier of half of Europe and a threat to the rest of it. After than it disintegrated.

Russia isn't the USSR. Russia is a little post-Soviet runt state trading on obsolete weapons and cheap oil.

Go on!

Anonymous Coward

Live your dreams to the max!

Can you please make up your mind ?

Anonymous Coward

If Russia is the little post-soviet state how you put it, how comes Western governments are terrifying their citizens with the prospect of Russia invading all the continent up to the Atlantic Ocean (after Ukraine, it will be our turn because Russia will not stop).

Which one is it ?

VoiceOfTruth

As half of Europe did nothing to stop Nazi Germany, I am not surprised that Russia occupied half of Europe. The small matter of 20 million Russians murdered by Germany.

You need a history lesson. Get your knowledge from somewhere other than Fox non-News.

"Russia is the enemy. China is the enemy. Iran is the enemy."

Anonymous Coward

What else would we expect to hear from those pushing the official western narrative?

The UK turfed Huawei out simply because America said that. Even though GCHQ could find no evidence of it.

Meanwhile America has rejected the norms of international law, is running campaigns of regime change, engaged in murder and piracy on the high seas, is threatening western allies and Nato members, punishing the UK and those who won't do as the American dictatorship demands. Military forces stand ready to be deployed on American streets against American citizens.

"America is our friend."

ROTFLMAO.

Hype and tripe

Jason Bloomberg

"Pro-Russia hacktivists of all stripes are known for overblowing the impact of their digital nuisance-making, the NCSC said, and regularly make false and/or misleading claims about the results of attacks on CNI organizations, dressing up minor intrusions as DEFCON 1-grade carnage".

And how about NCSC and the rest of the propaganda intelligence community?

Firewalls burn down

Long John Silver

Wouldn't the "UK's cyber crew" do better by not chasing phantoms and concentrating upon teaching public services and private enterprise how better to protect itself from malicious attack, regardless of its assumed origin?

I don't grasp why so much IT internal to an organisation must face the public Internet. Shouldn't sensitive information, e.g. staff and client data, be under greater protection than seemingly permeable firewalls? That would entail air gaps between key datasets and the Internet.

Yes, the flow of information would be slowed. More human input would be required for shifting vital information around on paper or on electronic physical storage media. 'Slowing' is anathema to simpletons wedded to 'profit maximisation' and instant decision-taking; most of the time all is well but, as Marks and Spencer discovered to its immense cost, a slip up is potentially deadly dangerous.

Re: Firewalls burn down

VoiceOfTruth

If NCSC was serious about this, it should state: NO MORE CISCO. And No More American 'firewalls' full stop.

Don't stop to stomp ants when the elephants are stampeding.