Liverpool City Council has revealed a multi-year cyberattack by the Russian-funded Noname057(16) project. The hackers are using large-scale DDoS attacks to disrupt municipal systems, and are also spreading their activity to countries supporting Ukraine.
According to a published report, over the past two years, Liverpool City Council has been the target of botnet attacks aimed at overloading servers and shutting down systems. The city uses ISP-level anti-DDoS solutions, firewalls, intrusion detection systems and traffic management tools to protect itself.
Noname057(16), known as a project with a pro-Russian orientation, usually targets Western governments, military structures and medical institutions. Recently, the same group has been linked to Spanish professor Enrique Arias Gil, who collected data on critical infrastructure in Spain, helping hackers plan attacks.
Noname057(16) began its activity against Ukraine, but after the start of the full-scale war between Russia and Kyiv, it expanded its attacks to countries supporting Ukraine. Poland has already announced cyberattacks on its water supply systems and hospitals.
In July 2025, law enforcement conducted an international operation called Eastwood, during which 24 locations were searched, two people were arrested, seven warrants were issued, and more than 100 of the group’s servers were shut down. This partially disrupted Noname057(16)’s infrastructure, but the attacks continue.
The attacks on Liverpool and a number of other British cities show that Russian cyber assets are systematically targeting critical services in countries allied with Ukraine. Despite international operations and arrests, the activities of Noname057(16) continue, and therefore municipalities and government agencies should strengthen their DDoS protection and coordinate their actions with law enforcement.
