Denmark has formally accused Russia of conducting “destructive and disruptive” cyber attacks against its critical infrastructure and democratic institutions, marking one of the clearest public attributions by a Nordic country of Russian state-linked cyber aggression. The Danish Defence Intelligence Service (DDIS) has concluded that Russia-backed hacker groups were behind cyber operations targeting a national water supply facility and multiple election-related government websites.
In its latest threat assessment, DDIS described the incidents as part of a broader hybrid warfare campaign aimed at destabilising European countries that support Ukraine politically and militarily. The agency warned that cyber operations have become an integrated instrument of Russian foreign and security policy.
Critical Infrastructure and Elections Under Attack
According to DDIS, a cyber attack on a Danish water utility in 2024 was traced to Russian-linked threat actors, while several government and election-related websites were hit by large-scale distributed denial-of-service (DDoS) attacks ahead of municipal and regional elections held in November.
The intelligence service stressed that these attacks were not random or isolated. Instead, they formed part of a coordinated effort to disrupt essential services and undermine public confidence in democratic processes.
“These cyber operations are designed to create insecurity in the population and apply pressure on governments that continue to support Ukraine,” DDIS said in its statement.
Russia-Linked Hacker Groups Identified
Danish authorities identified two pro-Russian hacker groups allegedly involved in the incidents:
- Z-Pentest, linked to the cyber intrusion into the water supply system
- NoName057(16), associated with DDoS attacks on election-related and government websites
Both groups have previously been flagged by Western intelligence agencies for activities aligned with Russian state interests. DDIS said the groups operate as part of a wider ecosystem of cyber actors that advance Russia’s strategic objectives without formal attribution.
Water Facility Breach Caused Physical Damage
Denmark’s Defence Minister Troels Lund Poulsen confirmed that the cyber attack on the water facility in Køge had tangible real-world consequences. A hacker gained unauthorised control of the system and manipulated pump pressure, causing pipes to burst.
Although the incident was quickly contained and did not disrupt water supply on a large scale, Poulsen said it highlighted serious vulnerabilities.
“This demonstrates that cyber attacks can directly lead to physical damage,” he said. “Hybrid warfare is not theoretical—it is happening here and now.”
Election Interference Through Digital Disruption
The DDoS attacks on election-related websites were timed to coincide with local elections, according to the intelligence assessment. While voting itself was not compromised, authorities said the attacks were intended to:
- Disrupt access to official information
- Undermine trust in public institutions
- Create confusion and uncertainty among voters
Officials noted that such tactics mirror patterns seen in other European countries facing hostile cyber activity
Hybrid Warfare and Strategic Pressure
DDIS characterised the attacks as part of Russia’s broader hybrid warfare doctrine, which blends cyber operations, information manipulation, and political pressure to weaken adversaries without direct military confrontation.
“Russia’s cyber activities are integrated into a wider influence effort aimed at eroding Western unity and diminishing support for Ukraine,” the agency said.
The intelligence service warned that civilian infrastructure—such as water systems, energy grids and public administration platforms—has increasingly become a frontline in modern conflict
Diplomatic and Security Response
In response to the findings, Denmark has announced it will summon the Russian ambassador to formally convey its position. The government has also called for stronger coordination within the European Union and NATO on cyber defence, intelligence sharing and infrastructure protection.
Senior officials emphasised that the threat is not limited to Denmark and urged European partners to treat cyber security as a core national defence issue.
A Growing European Concern
Security experts say the Danish case reflects a wider trend across Europe, where cyber attacks linked to geopolitical tensions are increasingly targeting essential services and democratic systems.
With the war in Ukraine continuing, intelligence agencies across the continent have warned that cyber operations are likely to intensify as part of broader destabilisation strategies.
Danish authorities concluded that modern warfare is no longer confined to battlefields, warning that digital systems underpinning everyday life are now central targets in international conflict.
