Terma

Terma, a Danish defense and aerospace company, was targeted in a DDoS (Distributed Denial of Service) cyber attack on November 13, claimed by the pro-Russian hacker group NoName057. The attack disrupted access to Terma’s website and other Danish government portals, including the Ministry of Transport and Borger.dk, by overloading servers with malicious traffic. While Terma confirmed the attack, it stated that no security breaches occurred, and no data was compromised or lost. The company emphasized its preparedness, responding swiftly to mitigate disruptions. The incident was part of a broader campaign targeting Danish infrastructure, likely in retaliation for Denmark’s support of Ukraine. Danish authorities, including the Civil Protection Agency and military intelligence, monitored the situation closely. Earlier, the same hacker group had targeted Danish municipalities ahead of local elections, reinforcing concerns over cyber threats linked to geopolitical tensions.

Source: https://www.straitstimes.com/world/europe/cyberattack-hits-danish-govt-defence-websites

TPRM report: https://www.rankiteo.com/company/terma-a-s

"id": "ter5592155111325",
"linkid": "terma-a-s",
"type": "Cyber Attack",
"date": "11/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'industry': 'Public Safety',
                        'location': 'Denmark',
                        'name': 'Danish Civil Protection Agency',
                        'type': 'Government Agency'},
                       {'industry': 'Transportation',
                        'location': 'Denmark',
                        'name': 'Ministry of Transport (Denmark)',
                        'type': 'Government Ministry'},
                       {'industry': 'Government Services',
                        'location': 'Denmark',
                        'name': 'Borger.dk',
                        'type': 'Public Sector Portal'},
                       {'industry': 'Defense/Aerospace',
                        'location': 'Denmark',
                        'name': 'Terma',
                        'type': 'Private Company'},
                       {'industry': 'Public Administration',
                        'location': 'Denmark',
                        'name': 'Danish Municipalities (multiple)',
                        'type': 'Local Government'}],
 'attack_vector': 'Distributed Denial of Service (DDoS)',
 'customer_advisories': 'Terma confirmed no security breaches or data loss via '
                        'spokesperson Tobias Brun-Falkencrone',
 'data_breach': {'data_exfiltration': 'No',
                 'file_types_exposed': 'None',
                 'number_of_records_exposed': '0',
                 'personally_identifiable_information': 'None',
                 'sensitivity_of_data': 'None',
                 'type_of_data_compromised': 'None'},
 'date_detected': '2023-11-13',
 'date_publicly_disclosed': '2023-11-13',
 'description': 'Danish government and defense websites, including the '
                'Ministry of Transport, public sector portal Borger.dk, and '
                'defense contractor Terma, were targeted in a wide-ranging '
                'DDoS attack on November 13. The pro-Russian hacker group '
                "NoName057 claimed responsibility, citing Denmark's support "
                'for Ukraine as motivation. The attacks caused outages and '
                'operational disruptions, but no data breaches or security '
                'compromises were reported. The same group had previously '
                'targeted Danish municipalities on November 12, ahead of local '
                'elections.',
 'impact': {'data_compromised': 'None',
            'downtime': 'Temporary outages and operational disruptions '
                        '(duration unspecified)',
            'identity_theft_risk': 'None',
            'operational_impact': 'Disruptions to public and defense sector '
                                  'services',
            'payment_information_risk': 'None',
            'systems_affected': ['Ministry of Transport website',
                                 'Borger.dk (public sector portal)',
                                 'Terma (defense group) website',
                                 'Danish municipalities (Nov 12)']},
 'initial_access_broker': {'data_sold_on_dark_web': 'No',
                           'high_value_targets': ['Government websites',
                                                  'Defense contractor '
                                                  '(Terma)']},
 'investigation_status': 'Ongoing (monitored by Danish Civil Protection Agency '
                         'and military intelligence)',
 'motivation': "Retaliation for Denmark's support of Ukraine",
 'references': [{'source': 'The Straits Times (AFP)'}],
 'response': {'communication_strategy': 'Public disclosure via Civil '
                                        'Protection Agency and Terma '
                                        'spokesperson',
              'containment_measures': 'Quick response to mitigate DDoS traffic '
                                      '(details unspecified)',
              'enhanced_monitoring': 'Situation monitored closely by Civil '
                                     'Protection Agency and military '
                                     'intelligence',
              'incident_response_plan_activated': 'Yes (by Danish Civil '
                                                  'Protection Agency and '
                                                  'military intelligence)',
              'recovery_measures': 'Systems restored (no data loss reported)'},
 'threat_actor': 'NoName057 (pro-Russian hacker group)',
 'title': 'DDoS Attacks on Danish Government and Defense Websites by '
          'Pro-Russian Hackers',
 'type': ['Cyber Attack', 'DDoS Attack']}