By Euronews
Published on
Denmark accused Russia on Thursday of cyberattacks in 2024 and 2025 against a water utility company that caused pipes to burst and targeting government websites ahead of the November elections, marking the first time Copenhagen has publicly attributed such attacks to Moscow.
Pro-Russian hacking group Z-Pentest attacked the Tureby Alkestrup Waterworks in late 2024, altering water pressure and causing at least three pipes to burst in Køge, 35 kilometres south of Copenhagen, Denmark’s Defence Intelligence Service said.
Around 50 households were without water for seven hours while 450 homes lost supply for one hour.
A separate pro-Russian group, NoName057(16), carried out distributed denial-of-service attacks on Danish websites in November ahead of regional and local elections, the intelligence service said. Both groups have links to the Russian state, according to Danish authorities.
“The Russian state uses both groups as instruments of its hybrid war against the West,” Denmark’s intelligence agency said in a statement. “The aim is to create insecurity in the targeted countries and to punish those that support Ukraine.”
Copenhagen summoned Russia’s ambassador in response to the findings. Defence Minister Troels Lund Poulsen called the attacks “completely unacceptable”.
Jan Hansen, head of the Tureby Alkestrup Waterworks, said the attack succeeded because the utility had switched to cheaper cybersecurity that was less secure than its previous system.
“My advice to other companies is not to cut costs on cybersecurity and to take out cyber insurance,” Hansen said.
Torsten Schack Pedersen, Denmark’s minister of resilience and preparedness, said during a news conference Thursday the attacks caused limited damage but showed that “there are forces capable of shutting down important parts of our society.”
Hacking groups backed by Russian state
Z-Pentest was founded, financed and directed by Russia’s military intelligence agency GRU, according to the US Justice Department.
The group formed in September 2024 after administrators of another pro-Russian group, CyberArmyofRussia_Reborn, became dissatisfied with GRU support.
Z-Pentest has claimed responsibility for hundreds of cyberattacks on critical infrastructure worldwide, including attacks on US drinking water systems that damaged controls and spilt hundreds of thousands of litres of water.
The group also attacked a Los Angeles meat processing facility in November 2024, spoiling thousands of pounds of meat and triggering an ammonia leak.
NoName057(16) has been active since March 2022, conducting frequent denial-of-service attacks against government and private sector entities in NATO countries and other European nations.
The group operates through Telegram channels and developed proprietary software called DDoSia that recruits volunteers worldwide to participate in attacks. It also pays top volunteers in cryptocurrency and publishes daily leaderboards on Telegram.
Part of broader Russian campaign
The Danish attacks are among a growing number of incidents Western officials describe as part of a Russian campaign of sabotage and disruption across Europe. An Associated Press database has documented 147 such incidents.
Norwegian authorities blamed pro-Russian hackers for an April attack on the Bremanger dam that opened a floodgate and released 500 litres of water per second for four hours.
The dam is primarily used for fish farming. Norwegian counter-intelligence chief Beate Gangås said the attack aimed to create fear and demonstrate hacking capabilities rather than cause destruction.
Germany summoned Russia’s ambassador last Friday after accusing Moscow of sabotage and election interference, including a 2024 cyberattack on German air traffic control, according to German Foreign Ministry spokesman Martin Giese.
Western officials say that since Russia’s February 2022 full-scale invasion of Ukraine, Moscow has used cyberattacks, sabotage and influence operations to undermine support for Kyiv while identifying vulnerabilities in European infrastructure.
Additional sources • AP
