Russia is responsible for recent destructive and disruptive cyber-attacks against Denmark, according to the Danish Defence Intelligence Service (DDIS).
In a public statement published on December 18, 2025, the DDIS assessed that Russian hacktivists were behind a destructive cyber-attack on a Danish water utility in 2024.
Russian threat actors were also blamed for a series of distributed denial-of-service (DDoS) attacks on Danish websites in the run-up to the 2025 municipal and regional council elections. This event was “used as a platform to attract public attention,” the intelligence service added.
Specifically, the DDIS named the pro-Russian hacktivist groups Z-Pentest as the authors of the destructive attack on the water utility in 2024 and said NoName057(16) was behind the series of DDoS attacks in 2025.
The intelligence service also assessed that both groups have links to the Russian state.
“The Russian state uses both groups as instruments of its hybrid war against the West. The aim is to create insecurity in the targeted countries and to punish those that support Ukraine.” Said the DDIS statement.
US-Backed Global Advisory on Pro-Russian Hacktivists’ Techniques
The statement was published a few days after a global cybersecurity advisory warned that pro-Russian hacktivist groups conduct opportunistic attacks against US and global critical infrastructure.
The advisory, initially published on December 10 and updated on December 18, was co-signed by 23 law enforcement and intelligence agencies across the Five Eyes (Australia, Canada, the UK, the US, New Zealand), EU member states (Czech Republic, France, Germany, Italy, Latvia, Lithuania, Romania, Spain, Sweden), Europol and Eurojust.
The document named several specific groups, including Cyber Army of Russia Reborn (CARR), NoName057(16), Sector16 and Z-Pentest.
It provided key techniques, tactics and procedures (TTPs) previously used in cyber malicious campaigns conducted by these groups.
