Denmark’s government has officially blamed Russia for executing two “destructive and disruptive” cyber operations, characterizing them as “unmistakable evidence” of hybrid conflict tactics, regardless of how one interprets that phrase.
The Danish Defence Intelligence Service (DDIS) identified Russia as the perpetrator behind a 2024 cyberattack targeting a Danish water facility and multiple distributed denial-of-service (DDoS) operations against Danish digital properties during the approach to November’s municipal and regional council elections.
DDIS reports that the pro-Russian collective Z-Pentest executed the initial cyber operation, while NoName057(16) orchestrated this year’s DDoS disruptions. Copenhagen maintains that the second group maintains connections to Moscow’s government apparatus.
Denmark Labels Attacks “Entirely Unacceptable”
“Moscow employs both collectives as weapons in its hybrid conflict against Western nations. Their objective is generating uncertainty in victim countries and retaliating against Ukraine’s supporters,” DDIS stated in an official release.
“DDIS evaluates that Danish elections served as a vehicle to capture public awareness—a methodology witnessed across multiple European electoral processes.”
NoName057(16) represents an ideologically motivated criminal operation aligned with Kremlin objectives, though definitive proof of direct governmental involvement remains unestablished.
This collective has been associated with countless DDoS operations since Russia initiated its Ukrainian military campaign. Its repeated targets include Ukraine and supporting nations, numerous of which hold NATO membership.
During the Køge water facility incident in December 2024, an attacker obtained system control and manipulated pump pressure levels, causing three pipeline ruptures.
“Russian-orchestrated hybrid operations on Danish territory are wholly unacceptable,” stated Denmark’s defence minister, Troels Lund Poulsen.
Questioning the Breadth of “Hybrid” Terminology
Copenhagen also characterized September’s drone penetrations of Danish airports and military-significant zones as “hybrid operations.” At that time, Prime Minister Mette Frederiksen declared that hybrid conflict was occurring, labeling it “the most challenging and threatening circumstances since World War II concluded.”
The “hybrid war” designation now encompasses virtually every antagonistic action falling short of traditional military engagement.
“Hybrid war,” alongside derivative terms like “hybrid threats” and “hybrid operations,” has evolved into the universal descriptor in political discourse, research institution analyses, and media coverage. This designation currently applies to nearly every hostile action that avoids conventional warfare.
Skeptics contend, however, that such elastic definitions frequently function as propaganda instruments and mechanisms for circumventing rigorous evidence-gathering, substituting clear analytical frameworks with assumption.
A 2021 European Parliament analysis cautioned that imprecise definitions actually obscure institutional accountability and impede efforts to develop targeted defensive responses.
Notably, Sweden, Denmark’s neighboring country, has deliberately avoided this terminology, opting instead for “gray zone problem” (gråzonsproblematik) within its “total defense” framework, which necessitates preparation for all threat categories, military or otherwise..
