Danish municipalities hacked ahead of local elections are at the centre of a wave of DDoS attacks that the government expects will continue in the coming days, as a pro‑Russian hacker group claims responsibility just one week before voters go to the polls on 18 November.
Danish municipalities hacked in coordinated DDoS wave
On Wednesday, several Danish municipalities reported that their official websites had been knocked offline or made unstable by what authorities describe as distributed denial-of-service (DDoS) attacks. Municipalities including Gentofte, Rødovre, Ishøj, Tårnby and Rudersdal experienced outages, leaving residents temporarily unable to access local information and digital self-service solutions.
In Gentofte, the municipality posted on Facebook that its website was “unfortunately a bit unstable” due to a hacker attack that had also affected “other municipalities, businesses and organisations”. Similar problems were reported in neighbouring municipalities around Copenhagen, where homepages either loaded slowly or were unavailable for parts of the day.
The attacks have also hit private companies. Publishing house Gyldendal and audio and hearing technology group GN Store Nord were among the businesses whose websites were listed as targets. So far, the incidents appear limited to overloading public-facing pages, with no indication that internal systems or personal data have been compromised.
Pro-Russian group claims responsibility
Shortly after the outages, the pro‑Russian hacker group NoName057(16) wrote on X that it was behind the attacks on several Danish municipal websites, naming Ishøj, Tårnby, Gentofte and Rødovre as targets and promising to continue its “walk around Denmark”. The group also mentioned attacks on GN Store Nord and Gyldendal, framing the campaign as a form of retaliation.
NoName057(16) has been active since 2022 and is known for politically motivated DDoS attacks against government agencies, media and companies in countries that support Ukraine. The group operates primarily via Telegram channels and social media, where it publicly claims responsibility for overload attacks and publishes lists of “enemy” websites.
Security researchers describe NoName057(16) as a loosely organised hacktivist collective aligned with Russian interests rather than a traditional state intelligence service. Its preferred tool is the DDoSIA platform, which allows sympathisers to participate in coordinated DDoS campaigns by flooding designated targets with traffic. The attacks are disruptive and attention‑seeking, but generally not sophisticated enough to breach secure systems.
Minister expects more cyberattacks before 18 November vote
Denmark’s Minister for Civil Protection and Emergency Management (Minister for samfundssikkerhed og beredskab) Torsten Schack Pedersen said the authorities expect more cyberattacks in the run‑up to the municipal and regional elections on 18 November.
“These pro‑Russian hacker groups carry out these attacks to gain maximum attention, and we must expect more of this type of attack as we approach the municipal and regional elections,” he told TV 2.
According to the minister, the Danish Civil Protection Agency is in continuous contact with relevant authorities and monitoring the situation closely.
Pedersen underlined that DDoS attacks are not considered dangerous for citizens or for the core systems that support Danish democracy. The attacks temporarily take websites offline by overloading them with traffic, but they do not in themselves alter data or penetrate voting systems.
The minister also highlighted that Denmark still uses paper ballots and has not introduced nationwide digital voting. In his view, this choice strengthens resilience against cyber threats: even if websites that publish results or provide information are disrupted, the votes can still be cast and counted manually in polling stations.
Election security, hybrid threats and Nordic resilience
The wave of cyberattacks on Danish municipalities comes days after a joint threat assessment by the Danish Agency for Public Safety, the Danish Security and Intelligence Service and the Danish Defence Intelligence Service concluded that the cyber threat against the municipal and regional elections is high. The assessment finds it likely that pro‑Russian groups will attempt DDoS attacks against websites connected to the election, including municipal pages and sites publishing results.
At the same time, the authorities currently assess the threat from attempted influence operations and physical sabotage by foreign states as low, and they do not expect direct interference with the casting of votes. The main risks are delays in the publication of results or interruptions to digital information channels, rather than manipulation of the outcome itself.
Danish security services have for several years warned about hybrid threats, where cyberattacks, disinformation and economic pressure are used together to test the resilience of democratic institutions. Similar DDoS campaigns by pro‑Russian groups have previously targeted public websites in other Nordic and EU countries, often timed to coincide with elections, NATO decisions or debates on support for Ukraine.
In response, Denmark and other Nordic countries have strengthened cooperation on cyber security and crisis preparedness, investing in backup systems, incident‑response capabilities and public communication strategies. The latest attacks on municipal websites are therefore seen less as an existential threat and more as a stress test for these protective measures.
Limited disruption but a clear warning
So far, the practical impact of the latest DDoS attacks on Danish municipalities has been limited to temporary outages and citizen frustration when trying to access local information online. Essential services and the organisation of the 18 November elections continue as planned.
For Danish authorities, however, the incidents are a reminder that even relatively simple cyber tools can be used to signal political messages and probe democratic systems. As local and regional councils across the country prepare for a new four‑year term, Denmark is likely to face further attempts to disrupt its digital infrastructure – even if the ballot papers in polling stations remain firmly offline.
