The Danish government has accused Russia of being behind two “destructive and disruptive” cyber-attacks in what it describes as “very clear evidence” of a hybrid war.
The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyber-attack on a Danish water utility in 2024 and a series of distributed denial-of-service (DDoS) attacks on Danish websites in the lead-up to the municipal and regional council elections in November.
The first, it said, was carried out by the pro-Russian group known as Z-Pentest and the second by NoName057(16), which has links to the Russian state.
“The Russian state uses both groups as instruments of its hybrid war against the west,” DDIS said in a statement. “The aim is to create insecurity in the targeted countries and to punish those that support Ukraine. Russia’s cyber operations form part of a broader influence campaign intended to undermine western support for Ukraine.”
It added: “The DDIS assesses that the Danish elections were used as a platform to attract public attention – a pattern that has been observed in several other European elections.”
The director of the DDIS, Thomas Ahrenkiel, said they were “very certain that these are pro-Russian groups that have connections to the Russian state”.
Denmark’s defence minister, Troels Lund Poulsen, said the attacks were “completely unacceptable” and he was taking the incidents “very seriously”. In an attack on a water utility in Køge in December 2024, a hacker took control of a waterworks and changed the pressure in the pumps, resulting in three burst pipes.
“This is very clear evidence that we are now where the hybrid war we have been talking about is unfortunately taking place. It once again puts the spotlight on the situation we find ourselves in in Europe,” Lund Poulsen said.
The Danish foreign office would summon the Russian ambassador for a meeting, he said. “It is completely unacceptable that hybrid attacks are carried out in Denmark by the Russian side,.”
Although the attacks caused limited damage, the minister for resilience and preparedness, Torsten Schack Pedersen, said they showed that “there are forces capable of closing down important parts of our society”.
Denmark, he added, was not sufficiently equipped to withstand such attacks from Russia. “I think you have to be incredibly naive if you think we are at the top of cybersecurity.”
Copenhagen described a series of drone incursions on Danish airports and areas of military significance in September as a “hybrid attack”. The incidents, which exposed gaps in its defence capabilities, contributed to plans to establish a European “drone wall”.
The best public interest journalism relies on first-hand accounts from people in the know.
If you have something to share on this subject, you can contact us confidentially using the following methods.
Secure Messaging in the Guardian app
The Guardian app has a tool to send tips about stories. Messages are end to end encrypted and concealed within the routine activity that every Guardian mobile app performs. This prevents an observer from knowing that you are communicating with us at all, let alone what is being said.
If you don't already have the Guardian app, download it (iOS/Android) and go to the menu. Select ‘Secure Messaging’.
SecureDrop, instant messengers, email, telephone and post
If you can safely use the Tor network without being observed or monitored, you can send messages and documents to the Guardian via our SecureDrop platform.
Finally, our guide at theguardian.com/tips lists several ways to contact us securely, and discusses the pros and cons of each.
