Pro-Russian group claims hits on Danish party websites as voters head to polls

Cyberattacks claimed by pro-Russian hackers briefly knocked offline Danish political party and government websites on the eve of local elections, officials said, adding that the incidents did not disrupt voting.

Several party websites — including those of the Conservatives, the Red-Green Alliance, the Moderates and the ruling Social Democrats — were hit by distributed denial-of-service (DDoS) attacks on Monday, temporarily preventing access. DDoS attacks flood targeted servers with traffic to disrupt normal operations.

The Russian-aligned hacker group NoName057(16), known for DDoS campaigns, claimed responsibility.

The Danish Agency for Social Security said it was aware of the outages and was monitoring the situation alongside military intelligence. DDoS incidents, it noted, have become “part of the normal picture” in Denmark, with local websites frequently targeted by groups seeking attention rather than strategic gain.

According to election officials, the attacks had no effect on voting, which is conducted entirely by hand. Voters were heading to the polls on Tuesday.

Among the victims was The Copenhagen Post, an English-language outlet whose servers were knocked offline for several hours on Monday. The newsroom said it received advance warning from intelligence services and that no data had been compromised.

In the week leading up to the elections, Danish authorities recorded an uptick in cyber incidents targeting public- and private-sector websites, many of them claimed by pro-Russian groups. Earlier this month, websites belonging to the Danish government and several defence companies were briefly taken offline in a DDoS attack that officials said likely originated in Russia; NoName057(16) also claimed responsibility.

Local authorities said it remained unlikely that hackers would attempt to interfere directly in the electoral process.

Pro-Russian hacking groups have stepped up disruptive activity around elections across Europe. In September, Moldova’s electoral infrastructure suffered multiple cyberattacks, including DDoS incidents that disrupted access to the Central Electoral Commission’s website and government cloud services. In May, Poland and Romania were also targeted in similar campaigns.

NoName057(16), which emerged shortly after Russia’s 2022 invasion of Ukraine, specializes in short-lived DDoS attacks carried out with the help of volunteer participants. Its operations have largely focused on European countries, including Poland, Czechia, Lithuania and Italy.

In July, European and U.S. law enforcement seized more than 100 servers allegedly used by the group and disrupted what authorities described as a key part of its infrastructure. German investigators also issued six arrest warrants for Russian nationals believed to help lead the group. 

Despite the crackdown, NoName057(16) continues to announce new targets daily on its channels on X and Telegram.