Denmark accuses Russia of ‘destructive and disruptive’ cyberattacks on water utility

Russia carried out cyberattacks targeting Danish infrastructure and government-linked websites in 2024 and 2025, Danish authorities said in a newly released assessment that details incidents not previously made public.

Denmark’s Defence Intelligence Service said on Thursday that Moscow was behind “destructive and disruptive” cyber operations, including an attack on a Danish water utility last year and a wave of denial-of-service attacks that knocked multiple Danish websites offline ahead of regional and local elections held last month. The affected water company said the cyber intrusion caused pipes to rupture, temporarily cutting water supply to some homes.

Jan Hansen, head of the Tureby Alkestrup Waterworks near Copenhagen, said the incident underscored the risks of underinvesting in digital security. He advised other companies not to reduce cybersecurity spending and to ensure they are covered by cyber insurance. Hansen said the breach occurred after the waterworks moved to a cheaper cybersecurity system that proved less robust than its previous setup.

More from World

India identifies 300 products to boost India’s exports to Russia Zelenskyy says peace proposals to end Ukraine war would reach Russia 'within days'

The intelligence service said the attacks form part of Russia’s broader “hybrid warfare” campaign against Western countries, aimed at sowing instability and punishing nations that support Ukraine. Russian hackers have previously been blamed for similar attacks on water infrastructure elsewhere in Europe, including a Norwegian dam, where authorities said hackers opened valves and allowed water to spill out.

Torsten Schack Pedersen, Denmark’s minister of resilience and preparedness, said the attacks resulted in limited damage but had serious ramifications.

“It shows that there are forces capable of shutting down important parts of our society," he said during a news conference Thursday, as reported by Danish broadcaster DR.

Quick Reads

View All

Mob sets Bangla cultural group Udichi Shilpigosthi’s office on fire in Dhaka

‘Bangladesh isn’t Denmark’: How West misread Sheikh Hasina and helped radicals whip Bangladesh

Schack Pedersen added that the cyberattacks show that Denmark is not sufficiently equipped to handle such situations, DR reported.

The attacks are among a growing number of incidents that Western officials say are part a campaign of sabotage and disruption across Europe masterminded by Russia. An Associated Press database has documented 147 incidents, including the two cases reported by Denmark this week.

Not all incidents are public and it can sometimes take officials months to establish a link to Moscow. While officials say the campaign — waged since President Vladimir Putin’s invasion of Ukraine in 2022 — aims to deprive Kyiv of support, they believe Moscow is also trying to identify Europe’s weak spots and suck up law enforcement resources.

The Danish agency said pro-Russian group Z-Pentest carried out the “destructive attack” on the water utility company in 2024 and that a separate group, NoName057(16), was responsible for the cyberattack on Danish websites ahead of the recent elections. It said both have links to the Russian state.

“The Russian state uses both groups as instruments of its hybrid war against the West. The aim is to create insecurity in the targeted countries and to punish those that support Ukraine,” the statement said. NoName057(16) acted, authorities said, in November to disrupt the elections, according to DR.

The Tureby Alkestrup Waterworks serves several villages some 35 kilometers (22 miles) south of Copenhagen. The waterworks said the hackers changed the water pressure, which caused a pipe to burst. It said about 50 households were without water for around seven hours while around 450 houses had no water for one hour.

In Germany, meanwhile, authorities summoned Russia’s ambassador in Berlin on Dec. 12 after the foreign ministry accused Moscow of carrying out sabotage, cyberattacks and election interference.

That included a 2024 cyberattack against German air traffic control, German Foreign Ministry spokesperson Martin Giese said.

With inputs from agencies