Menu
Browse

Cyber Threat Actor: Onidsindede russiske hackere

Actor Type Location Known Incidents
 Icon
Nation State
Russia
1 incident
Profile

Onidsindede russiske hackere is a threat actor identified by the alias “Onidsindede russiske hackere” and is publicly associated with Russia as its known location. The actor has been referenced in connection with cyber activity directed against Danish municipal infrastructure, specifically noting a pattern of frequent hacking attempts originating from Russian sources. Public statements from the affected municipality indicate that it faces thousands of such attempts each day, suggesting a sustained level of engagement from this actor. No further details about the actor’s internal structure, size, or affiliations are provided in the available sources.

The observed targeting of the actor includes the government sector, exemplified by the February 26 2024 incident against Aarhus Kommune’s website provider Cabana. The attack was a distributed denial‑of‑service (DDoS) operation that temporarily took the municipal site offline, which officials described as a disruption rather than a breach of data confidentiality or integrity. The municipality explicitly stated that no lasting damage occurred and that citizens’ data were never at risk, underscoring the disruptive nature of the activity. Based on this incident, the actor’s demonstrated strategic objective aligns with causing service disruption, as the DDoS aimed to impede online availability rather than to extract information or generate financial gain.

In terms of tactics, techniques, and procedures, the only confirmed method attributed to Onidsindede russiske hackere is the use of DDoS attacks aimed at overwhelming web‑hosting services. No specific malware families, initial access vectors, or particular tooling styles are mentioned in the source material, so the profile is limited to the observed reliance on volumetric traffic disruption. The actor’s approach appears focused on leveraging network‑level pressure to achieve temporary outages, without evidence of more invasive techniques such as credential theft or lateral movement.

Attribution to the actor is based on the publicly stated location in Russia; however, the sources do not establish a clear state nexus, criminal consortium, or any formal affiliation beyond the geographic indicator. The Aarhus Kommune DDoS event stands as the sole publicly reported operation that can be cited as a representative example of the actor’s activity, illustrating a pattern of disruption‑oriented attacks against Danish municipal online services. The municipality’s response, which includes collaboration with the Center for Cyber Security and advancement of its Security Tech Space initiative, reflects the perceived ongoing threat posed by this actor.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources