The U.K.’s National Cyber Security Centre on Monday warned that pro-Russia hacktivists are targeting critical infrastructure providers and local governments with malicious activity designed to cause disruption. 

The threats appear to be linked to perceived support of Ukraine, as direct military attacks have escalated amid efforts by the Trump administration to seek an end to the conflict. 

U.K. officials urged security teams to review their defense postures and take steps to improve resilience. The government warned that they should be prepared for potential denial of service attacks. 

NCSC’s alert comes just more than a month after a joint advisory warning of Russia hacktivist threats from Western cyber authorities, including the Cybersecurity and Infrastructure Security Agency, the FBI and other international agencies. 

The newly issued UK warning specifically references a hacktivist group called NoName057(16), which has been engaged in attacks targeting private sector and government agencies in NATO member states and other European countries since 2022. 

The joint advisory in December also referenced other hacktivist groups, including Sector16, Z-Pentest and the Cyber Army of Russia Reborn, which has been linked to prior attacks against water utilities in the U.S.

UK officials said NoName057(16) has frequently targeted local governments in the U.K. The group operates mostly through Telegram and uses GitHub to host a proprietary tool called DDoSia.  

Security experts said they expect to see an escalation in threat activity from hacktivist groups over the course of 2026. 

“This expansion is characterized by an emerging trend that we call escalatory hacktivism, where groups align with state-backed narratives and contribute to their host state’s hybrid warfare efforts — precisely the behavior the NCSC is warning about,” Ric Derbyshire, principal security researcher at Orange Cyberdefense said.