Three UK councils—Salford, Portsmouth, and Middlesbrough—were disrupted by a Distributed Denial of Service (DDoS) attack, causing temporary outages on their websites. The National Cyber Security Centre (NCSC), part of the UK’s GCHQ, has confirmed that the attack was carried out by the pro-Russian hacking group NoName057(16). Fortunately, no sensitive data was compromised in the incident.
The attack has affected users trying to access the websites of these councils, with service interruptions and difficulties retrieving certain data. Recovery efforts are ongoing, and two additional councils, Bury and Trafford, were also impacted.
A DDoS attack involves overwhelming a server with a flood of fake traffic, rendering the website or service temporarily inaccessible to legitimate users. The NCSC has advised that disruptions may continue while the affected councils work to restore normal service.
NoName057(16): A Pro-Russian Cybercrime Group
According to Radware, a cybersecurity firm specializing in network protection, NoName057(16) is a pro-Russian group known for its extensive DDoS campaigns. The group first gained attention in March 2022, coinciding with the start of Russia’s invasion of Ukraine. Its initial targets included Ukrainian infrastructure, including a nuclear facility near the Ukrainian border.
The group developed a DDoS tool, DDOSIA, which they have used to target national infrastructure, news outlets, government websites, and tech companies in various countries.
In addition to attacks on Ukraine, NoName057(16) has launched significant DDoS campaigns against global events, including the 2023 G20 Summit in India. Since late 2023, the group has focused increasingly on political targets, including the Czech Presidential Elections in January 2023.
The group’s activities highlight the growing use of cyberattacks in geopolitical conflicts, with a clear shift toward political disruption in recent months.