Cyber Incident Victim: Bury Metropolitan Borough Council
Date:
Nov 2024
Location:
United Kingdom
Summary
Bury City Council was among multiple UK local authorities targeted in a distributed denial-of-service (DDoS) attack by pro-Russian hacker group NoName057(16), causing temporary website disruptions. While online access issues persisted for an unspecified period, council services remained operational with no compromise of resident data, and alternative platforms like MyPortsmouth facilitated continued service access. The National Cyber Security Centre provided guidance, characterizing such attacks as low-sophistication incidents that primarily disrupt legitimate user access without breaching systems. Other affected councils included Portsmouth, Salford, Trafford, and Middlesbrough, all confirming restoration of online functionality following mitigation efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around November 1, 2024, Bury City Council was among multiple UK local authorities targeted in a distributed denial-of-service (DDoS) attack claimed by the pro-Russian hacker group NoName057(16). The attack simultaneously affected Portsmouth, Salford, Trafford, and Middlesbrough councils, disrupting public access to their official websites. Attackers overwhelmed the councils’ web infrastructure with excessive traffic, causing intermittent outages and degraded performance. Portsmouth City Council publicly confirmed the incident via a Facebook statement, noting the website remained partially inaccessible for an unspecified duration but emphasizing no internal council services or resident data systems were compromised. Salford, Bury, and Trafford councils experienced similar temporary disruptions, with all three confirming their websites were restored to normal operation shortly after the incident. Middlesbrough Council proactively took its website offline on October 30 after its IT team detected unspecified anomalies, though it was unclear if this was directly linked to the same campaign.
The councils implemented immediate response measures to mitigate public impact. Portsmouth redirected residents to its MyPortsmouth portal for uninterrupted access to online services and payments, while assuring users through social media that core operations remained functional. All affected councils coordinated with the National Cyber Security Centre (NCSC), which provided technical guidance during the incident. The NCSC characterized the attacks as operationally disruptive but technically unsophisticated, noting DDoS tactics primarily hinder legitimate access to public-facing websites without breaching underlying data systems. No evidence suggested data exfiltration or permanent damage to council infrastructure. Service teams across all councils maintained availability during business hours for non-digital inquiries, minimizing disruption to critical citizen support functions. Restoration timelines varied, with most councils resolving outages within hours, though Portsmouth indicated prolonged website instability.