Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

FE assesses that the pro-Russian group Z-Pentest, responsible for a destructive cyberattack against a Danish waterworks in 2024, has connections to the Russian state. They also assess that the group NoName057(16), which targeted Danish websites ahead of the 2025 municipal and regional council elections, is similarly connected. The Russian state employs both groups as part of hybrid attacks against the West, aiming to instill insecurity in these nations and punish them for their support of Ukraine.

Pro-Russia hacktivist groups like CARR, Z-Pentest, and NoName057(16) exploit poorly secured VNC connections to access OT devices in critical infrastructure, inflicting varying levels of physical damage, with a focus on water, food, agriculture, and energy sectors. Their attacks are deemed less sophisticated and lower-impact compared to APT groups.

SektorCERT reported that threat actors gained access to the networks of 22 companies involved in energy infrastructure, with 11 firms compromised immediately. The attackers utilized zero-day vulnerabilities in Zyxel firewalls, prevalent among critical infrastructure operators in Denmark.

To read the complete article, see: Security Affairs.