ZeroFox Intelligence Flash Report - DDoS Attacks Target Spanish Government Websites
by Alpha Team

Product Serial: F-2026-02-17a
TLP:CLEAR
In this Flash report, ZeroFox researchers report on pro-Russia threat collectives NoName057(16) and Server Killers claiming they were responsible for coordinated distributed denial-of-service (DDoS) attacks against multiple Spanish government websites.
Standing Intelligence Requirements
For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:
https://cloud.zerofox.com/intelligence/advisories/14956
Key Findings
- Over the period of February 16-17, 2026, pro-Russia threat collectives NoName057(16) and Server Killers alleged they were responsible for coordinated distributed denial-of-service (DDoS) attacks against multiple Spanish government websites and provided check-host links to verify their claims. The alleged motivation behind their attacks was the Spanish government’s perceived support of Ukraine and its participation in Operation Eastwood.
- On January 19, 2026, the National Cyber Security Centre (NCSC)—a part of the United Kingdom’s Government Communications Headquarters (GCHQ)—issued an alert highlighting the persistent targeting of UK organizations by Russian state-aligned hacktivist groups aiming to disrupt networks.
- This recent string of coordinated DDoS attacks demonstrates the ongoing threat that collectives considered pro-Russia pose to NATO members and to organizations perceived as pro-Ukraine.
- ZeroFox assesses it is very likely that pro-Russia and anti-West hacktivist collectives will continue to target Western institutions throughout 2026 and that NoName057(16) will collaborate with other pro-Russia collectives to conduct DDoS attacks against perceived pro-Western targets in the coming months.
Tags: tlp:clear, threat actor, eu/russia