Danish intelligence officials from the Defence Intelligence Service said Russia was responsible for recent cyberattacks on the country’s critical infrastructure, identifying two groups it says operate on behalf of the Russian state: Z-Pentest, linked to a destructive attack on a water utility, and NoName057(16), which was flagged over distributed-denial-of-service assaults ahead of November’s local elections before the 2025 elections.
The DDIS described the activity as part of a broader Russian hybrid campaign aimed at creating insecurity in targeted countries and punishing states that support Ukraine, and said elections had been used as a platform to attract public attention.
Denmark’s defence minister Troels Lund Poulsen said the incidents showed hybrid warfare was taking place in Europe and described the actions as unacceptable, adding that the foreign office would summon the Russian ambassador for clarifications, according to The Guardian.
The announcement came against a backdrop of Danish support for Ukraine since Russia’s full-scale invasion in February 2022, including sanctions and military and financial assistance. Intelligence agencies in the region have linked other disruptive incidents to pro-Russian actors, including attacks on operational systems and DDoS campaigns in neighbouring countries.
On Dec. 10, U.S. and international agencies released a joint advisory warning that pro-Russia hacktivist groups are actively targeting critical infrastructure, naming groups such as NoName, Z-Pentest, Sector16 and CARR.