Cyber Incident Victim: Denmark
Date:
Feb 2024
Location:
Denmark
Summary
A series of DDoS attacks recently struck multiple Danish entities, including Thisted Kommune, Bornholms Lufthavn, Odense Kommune, Horsens, Helsingør and Vejle, temporarily disrupting their public websites. The pro‑Russian hacker group NoName57(16) claimed responsibility on Telegram, stating the attacks aimed to sow unease in digital services while noting that the incidents did not result in data theft or lasting harm.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On Saturday the IT provider for Bornholms Lufthavn notified the airport management that a distributed denial‑of‑service attack was underway against its online services, marking the first indication of the cyber incident that would unfold over the weekend. The attack quickly expanded to include several Danish municipalities, with Thisted Kommune and Odense Kommune experiencing disruptions to their websites on Sunday, as reported by Ritzau, while Bornholms Lufthavn also reported intermittent inaccessibility of its homepage during the same period. By Monday morning Thisted Kommune announced that its homepage had been restored and was again operational, acknowledging that the site had been under a massive hacking attack and expressing regret for the inconvenience caused to residents seeking information or services online. In response to the outage Thisted Kommune advised citizens that the same information and services normally available on the website could still be accessed via telephone and email, and the municipality indicated that it was working intensively to resolve the underlying issue.
The pro‑Russian hacking collective NoName57(16) claimed responsibility for the series of attacks through posts on the Telegram platform, stating that they intended to give Denmark an unforgettable weekend and that their DDoS missiles had struck three transport websites and one municipality. According to the group’s messages and subsequent commentary from IT expert Peter Kruse, the primary aim of the attacks was to sow unease in a highly digitalized society rather than to exfiltrate personal or sensitive data. Bornholms Lufthavn director Jimmi Holm Hansen described the experience as irritating and frustrating, noting that the airport had not received any reports of passenger disruption despite the website being periodically unavailable, and that normal operations had continued throughout the weekend.
Following the restoration of its site, Thisted Kommune convened a meeting to discuss the incident and its implications, reflecting the heightened concern expressed by local officials after the attack. The broader wave of DDoS activity also affected other municipalities on Monday, with Horsens, Helsingør and Vejle reported as additional targets, underscoring the geographic spread of the campaign. Throughout the episode the affected entities relied on alternative communication channels to maintain service delivery while technical teams worked to mitigate the traffic overload and restore normal web functionality. The incidents concluded with the websites back online and the responsible hacker group having publicly claimed credit for the coordinated disruption.