**
Russia Behind Destructive Cyber Attack on Danish Water Utility, Denmark Says
**Denmark's Defence Intelligence Service has attributed a devastating cyber attack on a water utility in 2024 to the pro-Russia group Z-Pentest and DDoS attacks tied to elections to the pro-Russia hacktivist group NoName057(16). According to officials, both groups act as tools of Russia's hybrid war, aiming to create insecurity and punish countries supporting Ukraine.
On December 2024, hackers altered pump pressure at a water utility in Køge, causing pipes to burst. This incident has been labeled by Denmark's defence minister as "very clear evidence that we are now where the hybrid war we have been talking about is unfortunately taking place." The minister condemned the cyberattacks and called them "completely unacceptable."
The Danish intelligence service has identified connections between Z-Pentest, NoName057(16), and the Russian state. Officials say that these groups exploit poorly secured VNC connections to access OT devices in critical infrastructure, causing varying impacts, including physical damage. The attacks primarily target water, food, agriculture, and energy sectors.
The Danish government has backed Ukraine with sanctions, military aid, training, and financial support since Russia's 2022 invasion. This move is seen as a clear indication of Denmark's stance on the conflict between Russia and Ukraine.
Hybrid war is a strategy in which a state combines military and non-military tools to weaken or destabilize an adversary without declaring open war. It typically blends various tactics, including cyber attacks, information operations, disinformation campaigns, and physical sabotage, all aimed at creating uncertainty, disrupting society, eroding trust in institutions, and imposing costs.
Denmark's Defence Intelligence Service has warned that recent cyber and drone incidents caused limited damage but exposed serious gaps in national resilience. The country is not adequately prepared for hybrid attacks from Russia, and officials are urging the government to take immediate action to strengthen its defenses.
**
The Hybrid War Strategy
**The Danish intelligence service has outlined the key elements of a hybrid war strategy:
- Cyber Attacks: These can range from reconnaissance and espionage to destructive attacks on critical infrastructure, aiming to create uncertainty and disrupt society.
- Information Operations: This involves spreading disinformation, propaganda, or influencing public opinion through various channels, including social media, news outlets, and other forms of communication.
- Physical Sabotage: Hybrid attacks often involve physical sabotage, such as destruction of infrastructure, to create a sense of insecurity and vulnerability.
- Economic Warfare: Russia's hybrid war strategy also includes economic warfare, aiming to disrupt supply chains, impose costs on adversaries, and gain strategic advantage.
**
Denmark's Response to Hybrid Attacks
**Denmark has raised the cyber espionage threat level for its telecom sector from medium to high due to rising threats across Europe. The Danish Social Security Agency has published a new threat assessment for the cyber threat to the telecommunications sector, highlighting the risks for telecom companies in Europe.
The U.S. State Department is offering up to $2 million for information on CARR members and up to $10 million for details on individuals linked to NoName. The joint advisory from FBI, CISA, National Security Agency (NSA), and partners countries warns that pro-Russia hacktivist groups like CARR, Z-Pentest, and NoName057(16) exploit poorly secured VNC connections to access OT devices in critical infrastructure.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon for the latest updates on cybersecurity news and analysis.