Cyber Incident Victim: Portsmouth City Council
Date:
Nov 2024
Location:
United Kingdom
Summary
Portsmouth City Council experienced a distributed denial-of-service (DDoS) attack claimed by pro-Russian group NoName057(16), alongside several other UK local authorities including Salford and Middlesbrough. While council services remained operational and resident data was not compromised, the attack caused temporary website inaccessibility, with some councils restoring functionality while others worked to resolve ongoing issues; the National Cyber Security Centre provided guidance, noting such attacks, though low in sophistication, disrupt access to online services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 1, 2024, Portsmouth City Council confirmed it was targeted in a distributed denial-of-service (DDoS) attack conducted by the pro-Russian hacker group NoName057(16). The attack disrupted public access to the council’s primary website, though officials assured residents that no internal council services were compromised and no resident data was breached. The council announced the incident via Facebook, stating the website might remain inaccessible for an unspecified period while mitigation efforts were underway. Residents were advised to use the MyPortsmouth platform for online services and payments, with council teams remaining available for inquiries during business hours. The attack formed part of a broader campaign affecting multiple UK local authorities, including Salford, Bury, Trafford, and Middlesbrough councils, all of which experienced temporary website disruptions. Salford, Bury, and Trafford restored their sites promptly, while Middlesbrough Council proactively took its website offline on October 30 after its IT team identified an anomaly, though no explicit link to NoName057(16) was confirmed in that case.
Portsmouth City Council emphasized collaboration with cybersecurity partners to resolve the incident, though specific technical countermeasures were not disclosed. The National Cyber Security Centre (NCSC) provided guidance to affected councils, characterizing DDoS attacks as relatively low-sophistication incidents capable of causing significant service disruption despite their limited technical complexity. NoName057(16) claimed responsibility for the coordinated attacks, aligning with its history of targeting Western entities in support of Russian geopolitical interests. The council maintained transparency through social media updates, apologizing for inconvenience while reiterating that core operations and data integrity remained unaffected. Service restoration timelines were not specified, reflecting the unpredictable nature of DDoS mitigation. The incident highlighted the operational resilience of Portsmouth’s systems, which continued functioning through alternate channels despite the persistent website disruption.