Denmark blames Russia for cyberattacks ahead of elections

Denmark's Defense Intelligence Service said on Thursday that Russia carried out destructive and disruptive cyberattacks against Danish infrastructure in 2024 and 2025, including an attack on a Danish water utility in 2024 and a series of denial-of-service attacks that overwhelmed Danish websites ahead of regional and local elections held last month.

Officials said the water-utility breach disrupted water pressure and caused pipes to burst near Køge, about 35 kilometers south of Copenhagen, leaving some homes without water. Danish broadcaster DR said the attack damaged the utility's water infrastructure and temporarily disrupted supply to residents.

The agency identified Moscow-linked groups involved in the attacks: Z-Pentest carried out the destructive attack on the water utility in 2024, while NoName057(16) was responsible for the cyberattack on Danish websites ahead of the elections. Both groups have links to the Russian state, the defense intelligence service said, and are described as instruments in Moscow's hybrid war against the West meant to sow insecurity and punish countries that support Ukraine.

The statement framed the incidents as part of a broader campaign by Russia to undermine Western unity and to test Europe’s defenses, noting that the attacks target critical infrastructure and digital services to erode public confidence and complicate governance. It also underscored that the incidents illustrate a capability to shut down important parts of society in peacetime and during political processes, even if the immediate damage from these particular attacks was limited.

Torsten Schack Pedersen, Denmark's minister of resilience and preparedness, told reporters that the events show there are forces capable of shutting down essential parts of society and that Denmark is not yet sufficiently equipped to withstand such operations. He urged continued investment in cyber defense and rapid response planning as authorities reassess vulnerability across sectors.

An Associated Press database tracks 147 cyber incidents linked to Russia since the invasion of Ukraine in 2022, spanning Europe and beyond. Officials caution that not all incidents are public and that it can take months to establish a Moscow link, meaning the tally will likely grow as investigations continue and more attacks are attributed.

Besides Denmark, other Western governments have reported a wave of cyber disruptions tied to Moscow’s campaign. The German foreign ministry has cited a 2024 cyberattack against German air traffic control as part of a broader pattern, and Berlin summoned Russia's ambassador in December to discuss sabotage, cyberattacks and election interference.

Western officials say the objective of these operations is twofold: to undermine political cohesion in countries that support Ukraine and to identify vulnerabilities that can be exploited in future crises. The Danish report arrives as regional and national elections prompt heightened scrutiny of digital security across Europe.

The Danish defense intelligence service said the attacks were designed to create insecurity in targeted countries and to punish those that back Ukraine, underscoring the strategic dimension of cyber operations in the broader conflict with Russia. While the immediate effects in Denmark were limited, authorities say the incidents highlight persistent risks to essential services, governance, and public trust during election cycles and periods of political tension.