Denmark’s Cyberattack Allegations Spark Tensions with Russia
Denmark’s recent accusations against Russia have escalated into a significant diplomatic issue. Danish officials have linked Moscow to two notable cyberattacks aimed at vital infrastructure and democratic processes within the country. On Thursday, authorities in Denmark announced plans to summon the Russian ambassador after the Danish Defence Intelligence Service (DDIS) identified Russia’s involvement in these incidents.
Cyberattacks Targeting Critical Infrastructure
The DDIS reported two severe cyber incidents: a destructive attack on a water utility in Køge and several distributed denial-of-service (DDoS) attacks on Danish websites prior to the recent elections. Danish officials see these actions as part of a larger hybrid warfare strategy employed by Russia against European nations offering support to Ukraine.
In an official statement, Danish authorities declared, “Russia is responsible for destructive and disruptive cyberattacks against Denmark.” Their assessment determined that the Z-Pentest group, believed to be associated with the Russian state, executed the attack on water operations. Additionally, the DDIS identified NoName057(16, a group linked to Russian interests, as the perpetrator of the election-related DDoS attacks.
Water Utility Incident Highlights Infrastructure Vulnerabilities
In 2024, a cyberattack targeted a waterworks facility in Køge, leading to a critical security breach. The hackers managed to control operational systems, manipulating pump pressure levels that resulted in pipe bursts. Although physical damage was limited, the incident raised alarm over the security of Denmark’s critical infrastructure.
Danish Defence Minister Troels Lund Poulsen condemned the incident, stating it was “completely unacceptable.” He emphasized that such cyber operations could lead to tangible real-world consequences. In response to the DDIS findings, Poulsen confirmed that Denmark would proceed with summoning the Russian ambassador for discussion.
DDoS Attacks Disrupt Election Integrity
As Denmark prepared for its municipal and regional elections in 2025, a series of DDoS attacks targeted multiple government and public-sector websites. The DDIS noted that these attacks aimed to overload server capabilities and diminish public access to essential online services. More importantly, they sought to create a climate of insecurity during a politically charged time.
The intelligence agency argued that the intent behind these operations was to foster instability in Denmark, particularly as a reaction to its support for Ukraine. The DDIS pointed out a disturbing trend: Danish elections seemed to serve as a focal point for disruptive practices, mirroring tactics observed in other European nations experiencing cyber influences during elections.
Further Cyberattacks in November 2025
Reports from The Cyber Express highlighted another wave of cyberattacks occurring on November 13, 2025, affecting government and defense-related websites. The Danish Civil Protection Agency confirmed these outages fell under the category of DDoS attacks that also impacted various companies and public-sector online platforms.
In a follow-up statement, the agency indicated that multiple entities were facing operational difficulties due to these cyberattacks. Shortly after the disruptions, the group NoName057(16) claimed responsibility on social media, asserting it had impacted various government systems, including those of the Ministry of Transport and the public-sector portal, Borger.dk.
A Broader European Context
International coverage from sources like AFP and Ukrinform suggests that Denmark’s cyberattacks fit into a broader pattern of pro-Russian cyber activities across Europe. Recent incidents have included data breaches in the Netherlands, cyberattacks on a major Polish tour company, and exposure of sensitive information from a British defense contractor associated with Russia-linked hacks.
While there are currently no reports of severe long-term damage or data loss within Danish infrastructure, officials alert the public to persistent vulnerabilities highlighted by the ongoing cyberattacks. The Civil Protection Agency, along with military intelligence, continues to assess and monitor these developments.
The DDIS concluded that Russia’s employment of proxy hacker groups underscores a shifting landscape of hybrid warfare, where cyber operations are becoming an increasingly prevalent strategy for influencing political outcomes and destabilizing societies without resorting to conventional military action.
