Content
During the NATO summit, 27,000 police officers physically protected The Hague, but they were powerless against digital attacks. What is currently happening in the Netherlands is a prime example of a new era of politically motivated cyberattacks that systematically threaten democratic processes.
NATO summit as the perfect backdrop for cyber warfare
While the heads of state and government of 45 countries gathered in The Hague for the NATO summit, the pro-Russian hacker group NoName057(16) used the major political event as motivation for a coordinated cyber offensive. The attackers specifically targeted the NATO Regional Representation in the Netherlands and several municipalities and provinces, including Den Bosch, Delft, and The Hague.
The attack on NotuBiz, an IT service provider for municipalities and political institutions, temporarily rendered important documents inaccessible. As a result of the attack, various domains used by the municipality of The Hague were temporarily restricted or unavailable.
Systematic waves of attacks in the Netherlands
In 2024 and 2025, the Netherlands was the scene of an unprecedented series of politically motivated cyberattacks that revealed a clear pattern of state-sponsored digital retaliation.
EU elections as the first target
Back in June 2024, the pro-Russian hacker group HackNeT used the EU parliamentary elections to launch a coordinated cyber offensive against Dutch political party websites. The documented figures reveal the massive scale of these attacks: over 1 billion HTTP requests had to be fended off every day, with individual websites being bombarded with up to 115 million requests per hour.
The four-hour waves of attacks on June 5 and 6 demonstrated for the first time the full potential of large-scale botnet infrastructures against democratic processes.
Education sector under constant attack
In January 2025, the situation escalated dramatically when DDoS attacks paralyzed the Dutch education sector. SURF, the IT organization for universities, reported massive disruptions caused by a DDoS attack that brought the universities’ shared network to a standstill.
Maastricht University reported campus WiFi and VPN services down, while Tilburg and Utrecht were also severely affected. At the same time, the DigiD system was attacked – Logius, the government agency responsible for digital identities, confirmed the attack and attributed the outages to the sheer volume of traffic, which overwhelmed the system’s defenses.
Retaliation for aid to Ukraine
The political motivation became unmistakably clear in April 2025, when NoName057(16) systematically attacked Dutch provinces. The hacker group explicitly justified its attacks with the Netherlands’ aid to Ukraine: The Netherlands had sent €6 billion in military aid to Ukraine in February and allocated a further €3.5 billion for 2026.
According to NoName057(16), this meant that the authorities had to cut the budget for education and research by €1.2 billion. The attacks specifically targeted the provinces of Drenthe, Groningen, North Brabant, North Holland, and Overijssel, as well as cities such as Gouda, Tilburg, Almere, Breda, Apeldoorn, Haarlemmermeer, and Enschede.
NATO summit as the climax
The series of attacks reached its preliminary climax during the NATO summit in The Hague, when NoName057(16) targeted the NATO Regional Representation and strategically important municipalities. The attack temporarily rendered important government documents inaccessible and demonstrated the vulnerability of democratic infrastructures.
These waves of attacks reveal a new quality of hybrid warfare: every geopolitical event is systematically exploited for cyberattacks to disrupt democratic processes and exert political pressure.
BKA situation report confirms dramatic trend
The latest figures from the BKA’s 2024 cybercrime situation (German Police Agency) report confirm a worrying development: hacktivist DDoS attacks are rapidly increasing and cybercriminals are increasingly targeting the websites of public administrations and authorities.
Dramatic damage figures
- €178.6 billion in damage caused by cyberattacks in Germany
- Three quarters of all damage is caused by cyberattacks
- 201,877 cybercrime offenses committed abroad – 31.4% of all offenses committed abroad are cybercrime offenses
- Clearance rate only 32% for cybercrime offenses
Germany already in the crosshairs
The BKA documents specific attacks and reports that the websites of the state government, the state police, and the state office for the protection of the constitution of Mecklenburg-Western Pomerania were only partially accessible for several hours due to DDoS attacks. The pro-Russian hacktivist group NoName057(16) claimed responsibility for the attacks via Telegram.
Digitalization of geopolitical conflicts
A key finding of the BKA’s assessment is the increasing spread of geopolitical conflicts into the digital space. The perpetrators can be divided into two main camps: pro-Russian or anti-Israeli, with their motivation stemming from geopolitical conflicts that have been increasingly transferred to the digital space since 2022.
Technical realities: simple but effective
Low barriers to entry
The Dutch IBD (“Informatiebeveiligingsdienst,” or “Information Security Service”) notes that DDoS attacks are relatively easy to carry out due to readily available tools and therefore do not require much technical expertise. The consequences remain limited, as the underlying systems are not affected.
Focus on symbolic effect
According to the IBD, the impact of DDoS attacks is often limited and symbolic. Groups behind DDoS attacks use strong rhetoric to generate attention for their digital attack and political goals, often spreading it via social media.
Massive infrastructure required
The documented attacks are only possible through botnets with tens of thousands of coordinated devices, similar to the networks that were dismantled in Europol’s Operation Endgame.
Learn more about a GDPR-compliant, cloudbased and patented DDoS Protection that delivers, what it promises.
BKA warns of AI-assisted cyber attacks
The federal situation report predicts a further escalation of the threat situation as artificial intelligence is increasingly used for cybercriminal activities. The BKA expects AI-supported crimes to become even more prevalent in the future. AI can not only make cyberattacks more professional, but also enable them to reach a wider scope and higher level of criticality through automation.
What democratic states must do now
In light of the escalating DDoS threat, as currently observed in the Netherlands, organizations must fundamentally rethink their cyber defense. Analysis of the systematic waves of attacks reveals specific requirements for effective protection:
- DDoS protection solutions: Professional mitigation services are essential for robust protection of digital infrastructure
- Redundant systems: Multi-layered firewall architectures have proven effective in traffic filtering
- Monitoring: Early detection of anomalous traffic patterns for timely response
Conclusion
The systematic attacks on the Netherlands reveal a new quality of hybrid threats, one that is no longer purely theoretical. Politically motivated DDoS attacks have become the digital weapon of choice for state-sponsored or ideologically motivated actors.
Link11 is ready when the next attack strikes. Because one thing is certain: the question is not if, but when the next attack will come.
Share this post
