Liverpool council reports repeated state-linked botnet attacks over two years
City authority says hackers linked to Russia’s Noname057(16) have launched distributed denial-of-service campaigns but ransomware has not succeeded for nine years
Liverpool City Council says it has faced repeated cyber attacks from a state-linked Russian hacktivist group over the past two years, according to a report to be considered by the authority’s audit committee.
The council told auditors it had received "significant attention" from Noname057(16), a group described in the report as state-linked and focused on western government, military, transport and health targets. The attacks have used distributed botnets and denial-of-service techniques that the council warned could take down public-facing services such as council websites.
The report said the authority had experienced "many attacks from this group and their allies using their Distributed Botnet over the last two years." It said the so-called hacktivists were using bots to try to infiltrate or disable council systems, but that the council’s security measures had prevented a successful ransomware incident for nine years.
Council documents noted the general nature of the risk, stating that "Denial of Service attacks for monetary or political reasons is a widespread risk for any company with a web presence or that relies on internet-based systems." The council said it has deployed a range of systems designed "to reduce the effect of attack on our web infrastructure."
The report will be scrutinised by the audit committee, which will review the authority’s current defences and residual risks to digital services. Council officials described the attacks as part of a wider pattern affecting public sector bodies and organisations that maintain an internet presence.
Local authorities have increasingly reported probing and sustained cyber activity in recent years, with denial-of-service campaigns and ransomware remaining prominent threats according to industry and government assessments. The Liverpool report highlights the use of distributed botnets by state-linked groups to overwhelm online services rather than to deploy malware for immediate extortion in every case.
The council did not report any active service disruptions or financial extortion events in its summary but underscored the potential consequences if web-facing systems were knocked offline. Officials said ongoing investment in security architecture and monitoring was intended to mitigate those impacts and maintain continuity of publicly accessible services.
The audit committee meeting will determine whether further measures or reporting changes are required to address evolving cyber threats and to ensure resilient delivery of council services.