๐—ช๐—ต๐˜† "๐—Ÿ๐—ผ๐˜„ ๐—ฆ๐—ผ๐—ฝ๐—ต๐—ถ๐˜€๐˜๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป" ๐—ฑ๐—ผ๐—ฒ๐˜€๐—ป'๐˜ ๐—บ๐—ฒ๐—ฎ๐—ป "๐—Ÿ๐—ผ๐˜„ ๐—ฅ๐—ถ๐˜€๐—ธ" ๐—ถ๐—ป ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฒ

Cyber Security • January 20, 2026 • Written by: Gareth Jones • Read time: 1 min

The NCSC has just issued a fresh alert regarding Russian-aligned hacktivists, and it carries a warning that caught my eye: a shifting focus toward Operational Technology (OT). https://lnkd.in/eSfsFHPB

For a long time, hacktivist groups like NoName057(16) were seen as a digital nuisance, primarily engaging in DDoS attacks that knocked a council website offline for an afternoon. It was frustrating, but it didn't stop the "gears" from turning.

That’s changing. These groups are now looking for unsecured VNC connections, the forgotten digital access windows into our water pumps, power grids, and factory floors.

The NCSC’s "Secure Connectivity Principles" (released last week https://lnkd.in/eJFuWE8H) makes it clear: we can no longer treat OT as a "disconnected" island. As we bridge the gap between IT and OT for better efficiency, we’re also bridging the gap for attackers who don't need a massive budget to cause a safety incident; they just need one exposed port.

๐—”๐˜ ๐— ๐—ฒ๐˜๐—ต๐—ผ๐—ฑ๐˜€, ๐˜„๐—ฒโ€™๐—ฟ๐—ฒ ๐˜€๐—ฒ๐—ฒ๐—ถ๐—ป๐—ด ๐˜๐—ต๐—ถ๐˜€ ๐—ฐ๐—ต๐—ฎ๐—น๐—น๐—ฒ๐—ป๐—ด๐—ฒ ๐—ฎ๐—ฐ๐—ฟ๐—ผ๐˜€๐˜€ ๐˜๐—ต๐—ฒ ๐—ฝ๐˜‚๐—ฏ๐—น๐—ถ๐—ฐ ๐˜€๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ. As an NCSC-assured consultancy, we help organisations move past the "alert" stage and into active resilience. My three takeaways for anyone managing critical infrastructure right now:

1. Visibility is the first defence: You can't protect what you can't see. Most OT breaches start because of a "forgotten" remote access tool used by a third-party vendor.

2. Graceful Degradation: We need to plan for how services stay alive when the main network is under fire. Uptime isn't just a technical metric; it's a safety requirement.

3. The "Human" Factor: These attacks are ideologically driven, not financial. They aren't looking for a payout; they’re looking for a headline.

If you’re in the UK public sector or CNI, this isn't just another alert to file away. It’s a prompt to audit those remote connections before someone else does.

For organisations navigating this shift, the challenge is not understanding that change is happening; it is knowing where to start, how to prioritise, and how to bring suppliers and partners along with you. This is where Methods can provide practical, outcome-driven cyber resilience consultancy - so please get in touch https://www.methods.co.uk/

 

 
