Denmark’s intelligence and security agencies have accused Russia of conducting a series of destructive and disruptive cyber operations against Danish targets as part of a broader hybrid campaign tied to the war in Ukraine. According to Danish authorities, Russia-linked actors were responsible for multiple incidents during 2024 and early 2025 that targeted both critical infrastructure and public-facing digital services. One of the most serious cases involved a local water utility, where attackers gained access to operational systems and manipulated equipment, causing pipes to burst and temporarily disrupting water supplies for residents.

In addition to infrastructure attacks, Danish officials reported denial-of-service operations aimed at overwhelming websites associated with government services and local administration. Some of these attacks coincided with municipal and regional elections, limiting public access to online information and services at a sensitive political moment. While the incidents did not affect the integrity of election results, officials said they were intended to create uncertainty, strain public trust, and signal vulnerability.

Denmark’s Defense Intelligence Service described the activity as consistent with Russia’s use of cyber operations, sabotage, and information pressure to influence countries that support Ukraine. Danish leaders emphasized that the threat environment is becoming more complex and persistent, particularly for smaller states with digitally interconnected infrastructure, and warned that similar hybrid activities are likely to continue.