🇷🇺 RU

The White Pulse

Also known asThe White Pulse

The White Pulse is a member of the Russian hacktivist alliance Russian Legion. Public reporting cited in the provided content states that Russian Legion was announced on January 27, 2026 and is led by Cardinal; its membership includes Cardinal, The White Pulse, Russian Partizan, and Inteid. In that reporting, Russian Legion threatened and conducted disruptive activity against Denmark under the banner "OpDenmark," using DDoS attacks against Danish companies and public organizations and repeatedly referencing the energy sector. The alliance used Telegram to issue threats and ultimatums tied to Denmark’s military aid to Ukraine, warned that DDoS was only an initial phase, and used psychological operations such as posting screenshots of disrupted sites to amplify fear and media attention. Truesec assessed Russian Legion as likely state-aligned but not state-funded, operating independently while supporting Russian geopolitical objectives. Based on the provided content, The White Pulse is identified as part of this Russian hacktivist coalition; no additional distinct aliases or subgroup information for The White Pulse are provided beyond its membership in Russian Legion.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Where they target

Geographies tied to known operations.

🇩🇰 Denmark

Where they're from

Attributed origin per open-source reporting.

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

industrialcyberNews

Feb 3, 2026

Truesec flags ‘OpDenmark’ cyber threat as Russian Legion issues large-scale attack warning against Denmark - Industrial Cyber

Named member of the Russian Legion alliance threatening cyberattacks against Denmark.

cyber security newsNews

Feb 2, 2026

Russian Hacker Alliance Targeting Denmark in Large-Scale Cyberattack

Member group within the Russian Legion alliance participating in the coordinated “OpDenmark” DDoS pressure campaign against Denmark.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.