Dutch Municipal Websites Targeted by Pro-Russian Hackers During NATO Summit
As world leaders gathered in The Hague for the NATO Summit, a suspected politically motivated cyberattack disrupted public-facing infrastructure in the Netherlands. The pro-Russian hacktivist group NoName057(16) has claimed responsibility for a distributed denial-of-service (DDoS) attack against NotuBiz—a key IT provider serving Dutch municipalities and political institutions.
The timing of the attack coincided with intense security preparations for the summit, which has drawn roughly 9,000 guests, including government leaders from 45 countries, 6,000 diplomats, and more than 2,000 journalists. With over 27,000 police officers deployed, The Hague is currently one of the most heavily secured cities in the world.
While the summit focused on major geopolitical developments—such as NATO’s agreement to raise defense spending to 5% of GDP, with 1.5% earmarked for cybersecurity and infrastructure—hackers were quietly exploiting the event’s visibility to cause disruption.
Attack Impacts Access to Official Dutch Documents
NoName057(16) announced the cyberattack on its Telegram channel, stating it had targeted multiple Dutch government domains including those of Den Bosch, Delft, The Hague, and the NATO Regional Representation in the Netherlands.
Municipal officials in The Hague confirmed the disruption. “As a result, various domains, which the municipality of The Hague also uses, were sometimes limited or inaccessible,” a spokesperson said, noting a significant uptick in traffic reported by their external service providers.
The primary target, NotuBiz, acknowledged the incident and confirmed that their firewall systems successfully filtered out the flood of malicious traffic. However, users still experienced long delays when trying to access critical documents on municipal websites.
Hacktivist Group NoName057(16) Tied to Previous State-Linked Disruptions
NoName057(16) is a well-known pro-Russian hacktivist group that has previously claimed attacks on institutions in Ukraine, Belgium, Italy, and the Netherlands. The group frequently targets organizations it accuses of having anti-Russian agendas. While its exact ties to state actors remain unclear, its operations align with broader Russian disinformation and cyber disruption strategies.
This most recent campaign further demonstrates the use of DDoS attacks as a low-cost, high-visibility tactic to interrupt digital infrastructure during major global events.
Ongoing Threats Underscore the Need for Resilient Cyber Defense
The DDoS attack on Dutch municipal systems highlights a growing trend—state-linked or ideologically driven threat actors are increasingly targeting public infrastructure and critical digital services to sow disruption. While these attacks may not always involve data theft or ransomware, the operational impact can be severe, especially during high-profile events.
Organizations that depend on uninterrupted access to digital systems must ensure they have reliable contingency plans in place. When public portals or backend services go down—whether from DDoS attacks, ransomware, or internal failures—the ability to recover quickly and securely is non-negotiable.
Looking for a trusted recovery solution?
Defend your organization with StoneFly DR365—an air-gapped, immutable backup and recovery appliance trusted by enterprises to ensure zero data loss even in the event of complex cyberattacks.
