Overview
- Denmark’s Defence Intelligence Service attributed a 2024 water-utility attack to Z-Pentest and pre-election DDoS activity in November 2025 to NoName057(16).
- Analysts assessed both groups have links to the Russian state and are used to create insecurity in countries supporting Ukraine.
- In the Køge incident, a hacker altered pump pressure, bursting three pipes and temporarily cutting water to some customers, according to Danish reports.
- Copenhagen condemned the activity as unacceptable, will summon Russia’s ambassador, and warned the incidents exposed gaps in national cyber readiness.
- The public finding aligns with a recent multinational advisory naming the same groups, as wider European reporting cites a growing pattern also seen in Germany’s recent protest to Moscow.