Creator( )euro news
Release date
Denmark on Thursday accused Russia of cyberattacks against water utilities that caused pipe bursts in 2024 and 2025 and targeted government websites ahead of November elections, marking the first time Copenhagen has publicly attributed such attacks to Moscow.
According to Denmark’s Defense Intelligence Agency, pro-Russian hacker group Z Pentest attacked the Thuleby-Arkestrup water facility in late 2024, changing water pressure and bursting at least three pipes in Köge, 35 km south of Copenhagen.
Approximately 50 households were without water for seven hours, and 450 households were without water for one hour.
According to intelligence agencies, another pro-Russian group, NoName057 (16), carried out distributed denial-of-service attacks against Danish websites in November ahead of local and regional elections. According to Danish authorities, both groups have ties to the Russian state.
“The Russian state is using both groups as instruments of hybrid warfare against the West,” Danish intelligence said in a statement. “The aim is to cause unrest in the targeted countries and punish those that support Ukraine.”
Copenhagen summoned the Russian ambassador in response to the findings. Defense Minister Troels Lund Poulsen said the attack was “totally unacceptable”.
Jan Hansen, head of the Thuleby-Arkestrup water authority, said the attack was successful because the water authority had switched to cheaper cybersecurity, which was less secure than its previous system.
“My advice to other companies is to not cut your cybersecurity costs and buy cyber insurance,” Hansen said.
Denmark’s Recovery and Preparedness Minister Torsten Schak Pedersen said at a press conference on Thursday that while the damage from the attack was limited, it showed that “there are forces that can shut down important parts of society.”
Russian state-backed hacking group
According to the U.S. Department of Justice, Z Pentest was founded, funded and directed by Russia’s military intelligence agency, the GRU.
The group was formed in September 2024 after administrators of another pro-Russian group, CyberArmyofRussia_Reborn, were dissatisfied with the GRU’s support.
Z-Pentest has claimed responsibility for hundreds of cyberattacks on critical infrastructure around the world, including an attack on a U.S. drinking water system that damaged controls and spilled hundreds of thousands of liters of water.
The group also attacked a meat processing facility in Los Angeles in November 2024, causing thousands of pounds of meat to rot and causing an ammonia leak.
NoName057(16) has been active since March 2022 and frequently conducts denial-of-service attacks against governments and private sectors in NATO and other European countries.
The group operates through Telegram channels and has developed proprietary software called DDoSia that recruits volunteers from all over the world to participate in the attack. We also pay our top volunteers in cryptocurrency and publish daily leaderboards on Telegram.
Part of a broader Russian campaign
The Danish attack is one of a growing number of incidents that Western officials describe as part of Russia’s campaign of sabotage and chaos across Europe. The Associated Press database records 147 such incidents.
Norwegian authorities blamed pro-Russian hackers for the April attack on the Bremanger dam, which opened its flood gates and released 500 liters of water per second for four hours.
This dam is mainly used for fish farming. Beate Gangas, Norway’s head of counterintelligence, said the attack was aimed at inciting fear and demonstrating hacking capabilities rather than causing destruction.
Germany summoned Russia’s ambassador last Friday after accusing Russia of sabotage and election interference, including a 2024 cyberattack on German air traffic control, according to German Foreign Ministry Spokesman Martin Giese.
Since Russia’s full-scale invasion of Ukraine in February 2022, the Russian government has used cyberattacks, sabotage and influence operations to undermine support for Kiev, while identifying vulnerabilities in European infrastructure, Western officials said.
Additional sources of information • AP