UK Council Sites Recover Following Russian DDoS Blitz

Written by

All of the UK local authorities targeted by Russian hacktivists last week appear to have restored online services.

A group known as “NoName057(16)” took to X (formerly Twitter) last Monday to publish details of a DDoS campaign which it claimed was retribution for British military support for Ukraine.

“The Russian embassy in the UK has accused the British authorities of using the issue of grain corridor protection to conceal arms deliveries to the Ukrainian Armed Forces,” it wrote.

“While the Russophobic UK authorities continue to sponsor the criminal Kiev regime, we are launching our attacks on that country’s websites.”

Read more on DDoS: Royal Family Website Downed by DDoS Attack

It initially listed seven local councils which it said it had digitally disrupted: Hemel Hempstead, St Albans, Salford, Bury, Trafford, Tameside and Dudley. However, reports emerged soon after that Portsmouth City Council and Middlesborough Council were impacted.

The former warned users on its Facebook page that they might experience difficulties using the site.

“Portsmouth is one of a number of local authorities across the UK to be affected by a distributed denial-of-service (DDoS) attack by a group named NoName057(16),” it explained.

“No council services are affected by the attack, and user and residents’ data are not at risk, however, the website may be for an unknown period. We're working to resolve the issue as soon as possible and apologize for any inconvenience caused.”

A quick check by Infosecurity this morning revealed that all council sites are now back up and running as normal.

NoName057(16) has been launching regular attacks against perceived enemies of Russia this year. It appeared to be heavily involved in the Project DDoSia initiative, which is designed to encourage Russian hacktivists to launch attacks on NATO states.

The latest iteration of the DDoSia software introduced enhanced encryption for data flows between users and their command-and-control (C2) servers, in a bid to improve the stability of its infrastructure.

NoName057(16) also joined forces with fellow hacktivist groups Anonymous Sudan, Russian Cyber Army Team and Killnet to launch attacks on Sweden after the country announced its NATO membership.

It was assessed by Radware to be the most active hacktivist threat actor during H1 2024.

What’s hot on Infosecurity Magazine?