Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark's critical infrastructure, as part of Moscow's hybrid attacks against Western nations.
In a Thursday statement, the Danish Defence Intelligence Service (DDIS) identified two groups operating on behalf of the Russian state: Z-Pentest, linked to the destructive water-utility attack, and NoName057(16), flagged as responsible for the DDoS assaults ahead of November's local elections in Denmark before the 2025 elections.
"The Russian state uses both groups as instruments of its hybrid war against the West. The aim is to create insecurity in the targeted countries and to punish those that support Ukraine," intelligence officials said.
"Russia's cyber operations form part of a broader influence campaign intended to undermine Western support for Ukraine. The DDIS assesses that the Danish elections were used as a platform to attract public attention – a pattern that has been observed in several other European elections."
Since Russia's full-scale invasion in February 2022, Denmark has participated in international sanctions against Moscow and has supported Ukraine throughout the war, providing military equipment, training, and financial assistance.
"This is very clear evidence that we are now where the hybrid war we have been talking about is unfortunately taking place. It once again puts the spotlight on the situation we find ourselves in in Europe," Denmark's defence minister Troels Lund Poulsen said in a press statement, according to The Guardian.
"It is completely unacceptable that hybrid attacks are carried out in Denmark by the Russian side," Poulsen noted, adding that the Danish foreign office would also summon the Russian ambassador for clarifications on the incidents.
In August, the Norwegian Police Security Service (PST) attributed the opening of outflow valves at a dam to pro-Russian hackers who had gained control of critical operational systems.
Three years ago, the country's National Security Authority (NSM) also linked a pro-Russian criminal group known as Legion to DDoS attacks that disrupted several important websites and online services.
More recently, on December 10th, CISA issued a joint advisory with the FBI, NSA, European Cybercrime Centre (EC3), and various other cybersecurity and law enforcement agencies worldwide, warning that pro-Russia hacktivist groups, including NoName, Z-Pentest, Sector16, and CARR (Cyber Army of Russia Reborn), are actively targeting critical infrastructure organizations worldwide.