Danish authorities say in a new assessment published this week that Russia carried out cyberattacks against infrastructure and websites in Denmark in 2024 and 2025, describing new cases which had not previously been reported.
Denmark’s Defense Intelligence Service said in a statement Thursday that Moscow was responsible for “destructive and disruptive” cyberattacks on a Danish water utility in 2024 and a series of denial of service attacks which overwhelmed Danish websites ahead of regional and local elections last month. Danish broadcaster DR said the attack on the water utility caused pipes to burst, leaving homes temporarily without water.
The intelligence service said the attacks were part of Russia’s “hybrid war” against the West and an attempt to create instability. It said Moscow’s cyberattacks are part of a broader campaign to undermine and punish countries which support Ukraine.
Torsten Schack Pedersen, Denmark’s minister of resilience and preparedness, said the attacks resulted in limited damage but had serious ramifications.
“It shows that there are forces capable of shutting down important parts of our society,” he said during a news conference Thursday, as reported by Danish broadcaster DR.
Schack Pedersen added that the cyberattacks show that Denmark is not sufficiently equipped to handle such situations, DR reported.
The attacks are among a growing number of incidents that Western officials say are part a campaign of sabotage and disruption across Europe masterminded by Russia. An Associated Press database has documented 147 incidents, including the two cases reported by Denmark this week.
Not all incidents are public and it can sometimes take officials months to establish a link to Moscow. While officials say the campaign — waged since President Vladimir Putin’s invasion of Ukraine in 2022 — aims to deprive Kyiv of support, they believe Moscow is also trying to identify Europe’s weak spots and suck up law enforcement resources.
The Danish agency said pro-Russian group Z-Pentest carried out the “destructive attack” on the water utility in 2024 and that a separate group, NoName057(16), was responsible for the cyberattack on Danish websites ahead of the recent elections. It said both have links to the Russian state.
“The Russian state uses both groups as instruments of its hybrid war against the West. The aim is to create insecurity in the targeted countries and to punish those that support Ukraine,” the statement said.
Z-Pentest’s alleged actions affected the utility’s water pressure and caused water pipes to burst near Køge, some 35 kilometers (22 miles) south of Copenhagen, DR reported. Several customers were out of water as a result.
NoName057(16) acted, authorities said, in November to disrupt the elections, according to DR.
In Germany, meanwhile, authorities summoned Russia’s ambassador in Berlin on Dec. 12 after the foreign ministry accused Moscow of carrying out sabotage, cyberattacks and election interference.
That included a 2024 cyberattack against German air traffic control, German foreign ministry spokesperson Martin Giese said.
Related: Russian Hackers Likely Not Involved in Attacks on Denmark’s Critical Infrastructure
