Threat Insight
DDoS Attacks Against Municipalities in Denmark and Sweden
The last weeks has seen a surge in DDoS attacks on organizations in both Sweden and Denmark. Many of the victim organizations have been local municipalities in the countries. This is likely part of a larger campaign targeting other European nations too.
A pro-Russian hacktivist group called NoName057(16) has assumed responsibility for the attacks. Their official reason is that this campaign is a retaliation directed at nations that participated in Operation Eastwood in July 2025.
Operation Eastwood was an international law enforcement operation, led by Europol and Eurojust that dismantled much of the digital infrastructure used by NoName057(16) that forced the group to temporarily halt their activities.
Assessment
Truesec has previously reported on Operation Eastwood. NoName057(16) is assessed to likely be controlled by Russian intelligence, possibly GRU, but they recruit volunteers both in Russia and outside, offering cash prizes for affiliates that assist them.
Operation Eastwood was a blow to NoName057(16) and this campaign is likely an attempt to restore the group’s prestige, both in the eyes of their adversaries and their online fans.
The DDoS attacks against many municipalities in Denmark coincided with municipal elections in Denmark. It’s possible that NoName057(16) timed their attacks against Denmark to coincide with the elections to achieve maximum impact in media, but the original reason appears to be related to Operation Eastwood.
References
[1] https://www.truesec.com/hub/blog/takedown-of-large-pro-russian-ddos-group
[3] https://socradar.io/ddosia-targets-denmark-a-clear-look-at-the-threat/
Stay ahead with cyber insights
Newsletter
Stay ahead in cybersecurity! Sign up for Truesec’s newsletter to receive the latest insights, expert tips, and industry news directly to your inbox. Join our community of professionals and stay informed about emerging threats, best practices, and exclusive updates from Truesec.