• Home
  • cyber
  • Danish energy firms and Danish government: Russian Hacker Alliance Launches Large-Scale Cyberattack On Denmark
cyber Cyber Attack

Danish energy firms and Danish government: Russian Hacker Alliance Launches Large-Scale Cyberattack On Denmark

Feb 2, 2026 2 min read
Danish energy firms and Danish government: Russian Hacker Alliance Launches Large-Scale Cyberattack On Denmark

Russian Hacker Alliance Launches Cyber Offensive Against Denmark Over Ukraine Aid

A newly formed Russian hacker coalition comprising Russian Legion, Inteid, and Cardinal has launched a targeted cyber campaign against Denmark, demanding the government abandon a 1.5 billion DKK ($220 million) military aid package to Ukraine. The group issued its first threat via Telegram on January 28, 2026, warning of DDoS attacks as an initial strike, with "real cyber attacks" to follow if demands are ignored.

The offensive escalated on February 2, with the group claiming responsibility for DDoS attacks against Danish energy firms, government websites, and businesses over the past 48 hours. The main wave of attacks was scheduled for 6 PM Moscow time (4 PM Danish time), targeting critical infrastructure, including energy grids, with traffic floods designed to disrupt services.

Tactics and Early Impact

The alliance employs a multi-stage attack strategy, beginning with DDoS botnets to overwhelm servers before potentially escalating to data wipes or ransomware. Screenshots shared by the group show Danish websites already experiencing outages, confirming early disruptions.

The hackers leverage low-cost DDoS-for-hire tools capable of delivering gigabit-scale attacks, raising concerns about vulnerabilities in SCADA systems controlling critical infrastructure. While Denmark’s CERT has not issued official alerts, private firms report brief outages, and cybersecurity firm Truesec notes similar attacks in Norway and Finland, linked to disputes over Ukraine aid.

State Alignment and Psychological Warfare

Truesec assesses Russian Legion as state-aligned, though not directly state-funded, fitting Russia’s broader pattern of cyber operations tied to geopolitical conflicts. Since the 2022 Ukraine invasion, Russian cyber intrusions have surged by 300%, with groups combining DDoS attacks with information operations to amplify Kremlin narratives.

While 60% of such threats remain at the DDoS stage, escalations can still inflict damage a 2025 Baltic DDoS wave cost banks millions in downtime. The current campaign pressures Denmark politically, though NATO commitments make an aid reversal unlikely. The alliance’s strength lies in loose coordination, pooling botnets and sharing exploits via dark web forums, with potential follow-on attacks including SQL injections or phishing for insider access.

Denmark’s response remains under scrutiny as the attacks unfold.

Source: https://cyberpress.org/russian-hackers-hit-denmark/

Danish Cyber Defence cybersecurity rating report: https://www.rankiteo.com/company/danish-cyber-defence

"id": "DAN1770036261",
"linkid": "danish-cyber-defence",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': 'Public Sector',
                        'location': 'Denmark',
                        'name': 'Danish government',
                        'type': 'Government'},
                       {'industry': 'Energy',
                        'location': 'Denmark',
                        'name': 'Danish energy firms',
                        'type': 'Private Sector'},
                       {'industry': 'Various',
                        'location': 'Denmark',
                        'name': 'Danish businesses',
                        'type': 'Private Sector'}],
 'attack_vector': ['DDoS botnets', 'Low-cost DDoS-for-hire tools'],
 'date_detected': '2026-02-02',
 'date_publicly_disclosed': '2026-01-28',
 'description': 'A newly formed Russian hacker coalition comprising Russian '
                'Legion, Inteid, and Cardinal has launched a targeted cyber '
                'campaign against Denmark, demanding the government abandon a '
                '1.5 billion DKK ($220 million) military aid package to '
                'Ukraine. The group issued threats via Telegram and executed '
                'DDoS attacks against Danish energy firms, government '
                'websites, and businesses, with potential escalation to data '
                'wipes or ransomware.',
 'impact': {'downtime': 'Brief outages reported',
            'operational_impact': 'Disruption of critical infrastructure '
                                  'services',
            'systems_affected': ['Energy grids',
                                 'Government websites',
                                 'Business servers']},
 'investigation_status': 'Ongoing',
 'motivation': ['Geopolitical (opposition to Ukraine aid)',
                'State-aligned cyber operations'],
 'ransomware': {'ransom_demanded': 'Abandonment of 1.5 billion DKK military '
                                   'aid to Ukraine'},
 'references': [{'date_accessed': '2026-01-28',
                 'source': 'Telegram (threat announcement)'},
                {'source': 'Truesec (cybersecurity firm)'}],
 'response': {'third_party_assistance': 'Truesec (cybersecurity firm)'},
 'threat_actor': ['Russian Legion', 'Inteid', 'Cardinal'],
 'title': 'Russian Hacker Alliance Launches Cyber Offensive Against Denmark '
          'Over Ukraine Aid',
 'type': ['DDoS', 'Cyber Extortion'],
 'vulnerability_exploited': ['SCADA system vulnerabilities']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.