Introduction
A pro-Russian hacking group [3] [5], NoName057(16) [1] [2] [3] [4] [5] [6] [7] [8] [9], has claimed responsibility for a series of Distributed Denial-of-Service (DDoS) attacks on multiple local government authorities in the UK. These cyberattacks are believed to be motivated by the UK’s military support for Ukraine.
Description
A pro-Russian hacking group known as NoName057(16) has claimed responsibility for a series of Distributed Denial-of-Service (DDoS) attacks targeting multiple local government authorities in the UK, including Bournemouth [5] [7] [8], Christchurch & Poole (BCP) Council [5] [7] [8], Hastings Borough Council [9], Medway Council [5] [7] [8], Exeter City Council [5] [7] [8], Burnley Town Council [5] [7] [8], and others such as Hemel Hempstead, St Albans [4], Dudley [4], Bradford [1], Eastleigh [1], and Salford [1] [9]. Portsmouth City Council in Hampshire confirmed that its website was taken offline due to a DDoS attack by NoName057(16), but assured residents that no essential services were interrupted and that personal and user data remained secure. The IT team at Portsmouth City Council [7], along with their service providers [7], responded swiftly and successfully restored website functionality within two hours, demonstrating the effectiveness of their incident response plan [7]. Although the attacks impacted online services, teams were available to assist residents during working hours [2], and access to services through the MyPortsmouth website continued to function.
The group reportedly targeted over a dozen councils [6], including Middlesbrough Council [3] [4], which also experienced downtime likely due to the same attacks. These cyberattacks are believed to be motivated by the UK’s military support for Ukraine, particularly following British Prime Minister Keira Starmer’s announcement of increased funding for Ukraine’s naval forces [5]. Experts suggest that these incidents may signal a broader campaign by Russia against British government agencies [5], with NoName057(16) actively launching attacks against perceived enemies of Russia throughout the year and being associated with the Project DDoSia initiative [4], which encourages attacks on NATO states [4]. The group operates under the direction of its leadership and communicates through Telegram, sharing target lists that typically include entities perceived as anti-Russian [9].
In response to the increasing number of cyberattacks on local authorities [7], the National Cyber Security Centre (NCSC) has provided guidance and support [1] [2] [3] [6] [7] [8], emphasizing the need for robust cybersecurity measures and proactive approaches to safeguard public resources and sensitive data [7]. While DDoS attacks are relatively low in sophistication [6] [8], they can significantly disrupt access to online services, and recovery from such incidents typically requires substantial time and resources as affected councils implement countermeasures to limit disruption. Security expert Kevin Beaumont noted that some councils faced technical difficulties unrelated to DDoS attacks [9], such as server overloads [9], further complicating the situation. The group’s actions appear to focus more on psychological impact than on causing long-term damage [1], highlighting the multifaceted nature of these cyber threats.
Conclusion
The DDoS attacks by NoName057(16) underscore the vulnerabilities in local government cybersecurity infrastructure and the potential for disruption even from relatively unsophisticated methods. The swift response by affected councils, such as Portsmouth City Council [4] [7], demonstrates the importance of having effective incident response plans in place. As cyber threats continue to evolve, it is crucial for government agencies to enhance their cybersecurity measures and remain vigilant against potential attacks. The ongoing support and guidance from the National Cyber Security Centre (NCSC) will be vital in helping local authorities protect their digital assets and maintain public trust.
References
[1] https://thenimblenerd.com/article/pro-russia-hacktivists-cause-uk-council-websites-to-crash-a-ddos-comedy-of-errors/
[2] https://www.bbc.co.uk/news/articles/cly2jyvx55do.amp
[3] https://www.bbc.co.uk/news/articles/c4gv2x1lq7qo
[4] https://www.infosecurity-magazine.com/news/uk-council-sites-recover-russian/
[5] https://www.cybersecurityintelligence.com/blog/russian-hackers-attack-british-local-government-8035.html
[6] https://insight.scmagazineuk.com/british-councils-hit-in-ddos-campaign
[7] https://cybermaterial.com/cyberattack-hits-portsmouth-city-council/
[8] https://www.thenational.scot/news/national/24696405.cyber-attack-crashes-city-council-website-uk-authorities-targeted/
[9] https://www.threatshub.org/blog/uk-councils-bat-away-ddos-barrage-from-pro-russia-keyboard-warriors/