The United Kingdom’s National Cyber Security Centre (NCSC), the cyber defence arm of Government Communications Headquarters (GCHQ), has issued a warning about persistent cyberattacks by groups aligned with Russia. The alert says the activity consists mainly of distributed denial of service (DDoS) attacks that aim to disrupt websites and digital services operated by critical national infrastructure and local government organisations. The warning was published on 19 January 2026.
The operations are described as ongoing and continue to target public and private sector networks across the UK. According to the NCSC, the attacks are designed to take systems offline and disable digital services, causing operational disruption and financial costs for affected organisations. These disruptive activities occur despite often lacking technical sophistication because successful DDoS attacks can overwhelm networks and prevent legitimate users from accessing services.
The advisory identifies Russian-aligned hacktivist actors as the source of the attacks and notes that their motivations are ideological rather than financial. The groups involved are reported to conduct operations outside direct state control but share opposition to Western support for Ukraine, reflecting broader geopolitical tensions. The NCSC has encouraged organisations to review their cyber defences and prepare DDoS mitigation strategies.
Officials recommend measures to improve resilience against these attacks, including the use of internet service provider-level and third-party DDoS protection services, scalable infrastructure configurations and incident response plans. Regular testing and monitoring of network traffic are advised to detect and respond quickly to abnormal activity that could indicate an attack.
Analysis from open-source reporting indicates that attack activity by Russian-aligned groups has been persistent since at least early 2022. Several collectives, such as NoName057(16), have been linked to repeated waves of DDoS operations targeting government sites, private companies and critical services in the UK and other European countries. These groups often use publicly available tools and networks of volunteer systems to amplify their attacks.
The NCSC alert underscores the ongoing challenge of defending UK digital assets against disruptive cyber activity that may not involve advanced malware or espionage but can still have serious consequences for service continuity and public trust. By highlighting these threats and issuing defensive guidance, the UK government seeks to raise awareness among organisations responsible for essential services and infrastructure.