Importance Score: 85 / 100 🟢
UK Military and Nuclear Body Targeted in Cyberattacks by Pro-Russian and Pro-Palestinian Alliance
Websites belonging to the British Army, Royal Navy, and the Office for Nuclear Security have reportedly been subjected to cyberattacks orchestrated by a coalition of pro-Russian and pro-Palestinian hackers. This incident highlights the growing threat of state-aligned cyber activity targeting critical UK infrastructure and defense agencies, raising concerns about national security.
Last month, a coordinated series of attacks targeted the online platforms of these agencies, according to claims made by a hacker identified as Mr. Hamza on the Holy League coalition’s Telegram channel.
‘Our message is unambiguous: this is merely a preliminary warning… and more severe actions are anticipated,’ declared the pro-Palestine hacker, believed to be operating from Morocco.
The Holy League Coalition: A Cyber Threat to the West
The Holy League coalition, encompassing approximately 90 ‘hacktivist’ groups, is united by a shared animosity towards Western values. This collective has pledged to initiate ‘cyber warfare’ against Ukraine, Israel, and their allies.
Reports suggest that the coalition includes hackers with training from the Iranian Revolutionary Guard Corps (IRGC) and groups collaborating with Russian intelligence services.
Analysts have indicated that Britain’s increased prominence in supporting Ukrainian forces has elevated its status as a primary target.
Heightened Cyber Threat Landscape
Government Communications Headquarters (GCHQ) recently issued an alert regarding a ‘significant surge’ in threats from state-sponsored hacktivists seeking to compromise Britain’s essential infrastructure networks.
The majority of these assaults are characterized as basic distributed denial of service (DDoS) attacks. These actions involve overwhelming a website or online server with excessive traffic, rendering it inaccessible to users.
Experts emphasize that DDoS attacks are considered relatively ‘low impact,’ typically lasting only minutes. However, they can cause considerable disruption to website services and compromise defenses, potentially facilitating further infiltration.
Weekly Cyber Offensives Against UK Institutions
The cyber alliance is allegedly conducting weekly cyber offensives against a range of UK institutions, including state agencies, armed forces, infrastructure operators, local councils, and security services. Notably, the MI6 website was reportedly targeted in March.
In January, National Highways, the North East Combined Authority, and numerous local councils were targeted by NoName057(16), a member of the Holy League. These attacks occurred after Britain and Ukraine formalized a 100-year partnership agreement.
Furthermore, in December of the previous year, the alliance launched a wave of attacks against the UK, reportedly as retaliation for Ukraine’s deployment of British Storm Shadow missiles, according to sources at The Times.
Leadership and Origins of the Holy League
The Holy League was established last summer by Abu Omar, a cybercriminal and leader of the Cyber Islamic Resistance.
In an interview with Kremlin-backed state media in November, Omar disclosed collaborations with partners from Russia, Belarus, Morocco, Egypt, and Algeria, as well as affiliations with ‘brothers in the Middle East’.
He further asserted that the Cyber Islamic Resistance received training from the Badr Organisation, an IRGC-affiliated militia group based in Iraq.
Omar conveyed to the media outlet his aspiration for the conflicts in Ukraine and Gaza to culminate in the ‘destruction of the ‘Evil Empire’, encompassing Ukraine, Israel, and NATO’.
Claims of Responsibility and Evidence
The Holy League has asserted responsibility for multiple attacks targeting intelligence agencies across Europe. To substantiate these claims, the group provides evidence in the form of ‘check host’ links, demonstrating the duration of website outages.
Links to Russian Cyber Warfare Units
Members of the Cyber Army of Russian Reborn (Carr), believed to be associated with the Russian military intelligence agency’s cyber warfare division, are reportedly integrated within the Holy League.
Carr members Yuliya Pankratova and Denis Degtyarenko, both identified as Russian nationals, faced sanctions from the US government in July 2024. These sanctions followed allegations of hacking into water facilities in the US and Poland. Additionally, they are accused of disrupting operations at a facility in France.
Carr and NoName057(16), identified by Ukrainian intelligence as Artem, Pankratova’s husband, jointly targeted the M6 toll road in Britain on December 6 of the previous year.
Government Response
A UK Government spokesperson, in a statement issued to The Times, stated that it does not ‘routinely comment on cyber activity claimed by online groups’.
‘The government remains dedicated to utilizing all available measures to counter cyber threats and ensure public safety,’ the statement concluded. Authorities have been approached for further comments.