Pro-Russian Hacktivist DDoS Attacks Target Belgian Telecom Sector
Pro-Russian hacktivist group NoName057(16) claimed responsibility for distributed denial-of-service (DDoS) attacks that briefly disrupted the websites of Belgian telecom operators Proximus and Scarlet. The attacks, which occurred on a Wednesday morning, were detected and mitigated quickly by Proximus technicians, resulting in minimal impact. NoName057(16) also claimed to have targeted an internal Telenet portal, but Telenet denied any disruption or compromise. Ghent University Hospital was also affected by a DDoS attack around the same time, though there is no confirmation of a direct link to the telecom incidents.
The attacks are part of a broader campaign announced by a coalition of eight hacktivist groups with pro-Russian and pro-Palestinian affiliations, which have threatened to target Belgium’s internet infrastructure with DDoS operations and potential data exposure. While the coalition itself has not issued operational claims or demonstrated verifiable activity, NoName057(16) continues to act independently, maintaining a pattern of targeting Belgian entities. The campaign is expected to persist, with further DDoS attempts and possible claims of data exposure anticipated in the near future.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Pro-Russian hacktivists launch coordinated DDoS attacks on Belgian telecom sites
A coordinated hacktivist campaign targeted Belgium, with pro-Russian actors launching distributed denial-of-service attacks against Belgian telecommunications websites. The activity was reported as part of a broader threat focus on Belgian organizations.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
NoName057(16) DDoSia Campaigns Targeting Belgium and NATO Entities
Pro-Russian hacktivist group NoName057(16) conducted a large-scale distributed denial-of-service (DDoS) campaign between December 8 and 14, 2025, primarily targeting organizations in Belgium and Ukraine. The campaign, orchestrated using the group's proprietary DDoSia tool, resulted in over 4,400 recorded attacks against 155 unique domains and 144 IP addresses, affecting both private sector infrastructure—such as telecommunications, utilities, and industrial organizations—and high-value government and defense-related services. The attacks also impacted European Union institutions and international organizations, highlighting the group's broad targeting scope and operational reach. NoName057(16) is a pro-Russian hacktivist collective with origins linked to the Kremlin-backed Centre for the Study and Network Monitoring of the Youth Environment (CISM). The group leverages Telegram for coordination and GitHub for tool distribution, and has expanded its influence through collaborations with other pro-Russian groups, including the Cyber Army of Russia Reborn (CARR). Their operations have increasingly focused on NATO member states and adversaries of Russian geopolitical interests, with the DDoSia tool serving as a central component in mobilizing and executing attacks against critical infrastructure and government entities across Europe.
Mar 21, 2026Coordinated DDoS activity targeting government infrastructure in Europe and Russia
A sustained DDoS campaign attributed to **NoName057(16)** used the **DDoSia** tool to generate **6,649** recorded attack entries between Feb. 23 and Mar. 1, targeting **126 domains** and **135 IPs** with a multi-country focus on **Denmark, Greenland, and Ukraine**. Reported targeting emphasized public-sector services (about **44%** of attacks), alongside Ukrainian defense industry, tourism/travel (notably tied to Greenland’s economy), and transportation infrastructure; most traffic was directed at `443/tcp` (HTTPS). The activity aligns with politically motivated disruption tied to Denmark’s support for Ukraine and heightened Arctic sovereignty tensions involving Greenland. Separately, Russia’s internet regulator **Roskomnadzor** and the **Russian Defense Ministry** reported a “complex multi-vector” DDoS that briefly disrupted multiple government websites and related infrastructure, including systems of the **Main Radio Frequency Center (GRFC)**. Russian authorities said the attack was contained, but user reports indicated intermittent access issues persisted for days; the responsible actor was not identified and no public claim of responsibility was noted at the time of reporting. A ransomware “state of the month” roundup covering February incidents is not directly related to these DDoS events and should be treated as separate reporting.
Mar 21, 2026
Coordinated Pro-Russian DDoS and Cyberattacks Targeting Denmark
The Danish Defence Intelligence Service (DDIS) publicly attributed two major cyber incidents to Russian-linked actors: a cyberattack on a Danish water utility in 2024 by the group Z-Pentest, and a series of distributed denial-of-service (DDoS) attacks on Danish websites ahead of the municipal and regional council elections, attributed to NoName057(16). These attacks targeted critical infrastructure and government services, raising concerns about the security of essential services and the integrity of democratic processes in Denmark. The DDIS highlighted the connection between these threat actors and the Russian state, underscoring the geopolitical motivations behind the campaigns. In December 2025, threat intelligence analysis revealed a significant escalation in DDoS activity against Denmark, with NoName057(16) and their DDoSia project orchestrating 4,559 attacks against 148 unique domains and 137 IP addresses, primarily focusing on government, energy, telecommunications, and transportation sectors. The campaign also extended to Ukraine and other countries, but Denmark was a primary target, with municipal and local government websites bearing the brunt of the attacks. The use of port 443 (HTTPS) as the most targeted vector indicates a focus on disrupting secure web services critical to public administration and infrastructure.
Mar 21, 2026