Denmark’s intelligence services reported no evidence of foreign state interference in this week’s parliamentary election, a stark contrast to the sustained cyberattacks that plagued municipal elections just four months earlier. The quiet outcome surprised observers who expected Russia to exploit the campaign, but analysts say limited resources and competing priorities likely kept the hackers focused elsewhere.
The assessment came Tuesday from the Danish Defence Intelligence Service, the Police Intelligence Service, and the Agency for Civil Protection and Emergency Planning. Their joint statement was unequivocal. They had not uncovered foreign state influence activity during the election campaign or voting day.
That conclusion stands in sharp relief against warnings issued just weeks before the vote. In late February, the same agencies published a threat assessment stating that foreign states could attempt to influence the election through disinformation, cyberattacks on infrastructure, or threats targeting candidates and parties. Russia topped the list of concerns, driven by Denmark’s military support for Ukraine and its strategic position in Arctic security.
From Alarm to All Clear
The warnings were not hypothetical. During the November 2025 municipal and regional elections, pro-Russian hacker group NoName057(16) launched distributed denial of service attacks that knocked offline the websites of multiple Danish municipalities, political parties, and even a defense contractor. The group claimed responsibility publicly on Telegram. Denmark later formally attributed those attacks to Russian state-linked actors.
But this time, the hackers looked elsewhere. DR Verificerer tracked NoName057(16)’s Telegram channels throughout the campaign period. In early 2026, the group announced multiple attempted attacks on Danish targets. Then Iran was struck by Israel and the United States on February 28, and the group’s focus pivoted sharply. For weeks, their posts highlighted Israeli websites as primary targets.
Only on the evening before election day and on March 24 itself did NoName057(16) return briefly to Denmark. They named the Radical Left party website and the Danish Energy Agency as targets. Radical Left confirmed in a text message that it experiences overload attacks regularly, but security measures have so far thwarted them. The Energy Agency acknowledged a DDoS attack on election day.
No other major incidents were reported. DR Verificerer contacted all parliamentary parties during the campaign. None observed increased attack activity.
Resource Constraints and Strategic Choices
Mikkel Storm Jensen, a military analyst at the Danish Defence Academy, attributes the relative calm to finite capacity. These groups want to project omnipresence, he said, but they cannot be everywhere at once. They must prioritize targets.
The Middle East offered more immediate propaganda value in late February and March. Denmark has faced relentless cyberattacks in recent years, but the geopolitical spotlight had shifted. Russia’s cyber proxies followed.
Still, the intelligence services noted that a small number of social media profiles with links to Russian online communities shared distorted statements about Danish politicians during the campaign. The agencies did not specify which profiles or statements. They assessed that the people behind these accounts understood Danish public debate and used that knowledge to spread pro-Russian messages. Reach remained limited.
DR Verificerer documented one such channel during the campaign. The Telegram account “Danskeren rundt om hjørnet” spread false claims that Denmark’s debate over wealth taxation stemmed from an empty treasury drained by aid to Ukraine. The channel frequently posted AI-generated images linking Danish politicians to Volodymyr Zelenskyy.
Greenland and the Wider Information War
The intelligence agencies also flagged disinformation about the Kingdom of Denmark, particularly Greenland, that achieved significant reach in some cases. They provided no examples. However, Greenland’s foreign affairs minister, Vivian Motzfeldt, was tricked during the campaign into a fake video meeting with Russian pranksters Vovan and Lexus. The duo has previously targeted Danish Foreign Minister Lars Løkke Rasmussen.
Storm Jensen said the Greenland incidents did not penetrate the Danish campaign in a meaningful way. They became known primarily because Danish and Greenlandic media covered them, not because they organically shaped voter perceptions.
That assessment aligns with broader European patterns. Germany, Hungary, and Slovenia all reported foreign interference concerns during recent elections, but documented impact on voter behavior remains elusive. Influence operations create noise and generate headlines. Proving they sway outcomes is far harder.
A Contrast That Raises Questions
The contrast between November 2025 and March 2026 is striking. Four months ago, NoName057(16) executed a coordinated multi-day assault on Danish democratic infrastructure. This time, the same group posted a few messages and moved on. Denmark was spared sustained disruption not because defenses improved dramatically, but because attackers had other priorities.
That creates an uncomfortable reality. Democratic resilience in this case rested partly on luck and partly on adversaries’ strategic calculations. The threat has not disappeared. It has simply paused or redirected.
Denmark attributed the November municipal election attacks to Russian state-linked groups in December 2025, naming NoName057(16) explicitly. Defence Minister Troels Lund Poulsen announced plans for new cyber surveillance networks and online operations centers. Those measures are being built now. They were not in place for this election.
PET and the Defence Intelligence Service had warned in their pre-election assessment that Russia constituted the primary intelligence threat to Denmark. That judgment was based on years of pattern analysis and Denmark’s substantial military support for Ukraine, which has made the country a strategic interest for Moscow. The agencies also noted that China represents a potential long-term challenge, with authoritarian states like Iran, Turkey, and Saudi Arabia conducting intelligence activities in Denmark on a smaller scale.
The March 24 election proceeded without systematic interference. The agencies confirmed it. But the infrastructure that could deliver such interference remains intact, the motivations that drive it have not changed, and the operational tempo can shift with geopolitical winds. Denmark got through this one relatively clean. The next test is already on the horizon.