Multiple provincial and municipal websites in the Netherlands and Belgium were temporarily disrupted on Monday due to a coordinated cyberattack claimed by the pro-Russian hacker group NoName05716. The attacks, which primarily targeted government portals, were executed via distributed denial-of-service (DDoS) techniques, flooding servers with traffic to render them inaccessible. According to reports, the group cited retaliation for military aid to Ukraine as motivation for the campaign1.
Attack Scope and Impact
The affected entities included the websites of six Dutch provinces (Groningen, Noord-Holland, Zeeland, Drenthe, Overijssel, and Noord-Brabant) and four cities (Apeldoorn, Breda, Nijmegen, and Tilburg). In Belgium, provincial sites for Limburg and Oost-Vlaanderen, along with city portals for Brussels, Liège, and Antwerp, were also impacted2. The Dutch Institute for Vulnerability Disclosure (IBD) confirmed the attacks but noted that most services were restored within hours, with no evidence of data breaches or persistent compromises3.
Technical Analysis
NoName05716, a group known for symbolic attacks against NATO allies, claimed responsibility via Telegram and X (formerly Twitter). Their post referenced Dutch financial support for Ukraine (€6 billion) and Belgian military contributions, including Caesar artillery systems4. DDoS attacks are a common tool for such groups due to their low technical barrier and high visibility. Unlike advanced persistent threats (APTs), these incidents rarely involve data exfiltration but serve as disruptive propaganda.
| Affected Country | Targeted Entities | Attack Duration |
|---|---|---|
| Netherlands | 6 provinces, 4 cities | ~3 hours |
| Belgium | 2 provinces, 3 cities | ~2 hours |
Response and Mitigation
The Belgian Cybersecurity Center confirmed the attacks but emphasized that critical infrastructure remained unaffected. Both countries employed rate-limiting and traffic filtering to mitigate the DDoS waves. For organizations facing similar threats, the following steps are recommended:
- Implement cloud-based DDoS protection services (e.g., AWS Shield, Cloudflare)
- Configure web application firewalls (WAFs) to filter anomalous traffic patterns
- Monitor network traffic for sudden spikes in requests from single IP ranges
Historical Context
NoName05716 has previously targeted NATO members supporting Ukraine, including Germany and Poland. Their operations align with Russian geopolitical objectives, though direct state sponsorship remains unconfirmed5. The group’s tactics prioritize psychological impact over technical sophistication, often leveraging publicly available DDoS tools.
This incident underscores the need for robust DDoS mitigation strategies, particularly for government entities. While the immediate impact was limited, such attacks can erode public trust and disrupt essential services during critical periods.
References
- “Websites van provincies en gemeenten doelwit van Russische cyberaanval,” NU.nl, 2025.
- “Websites Nederlandse provincies en gemeentes onbereikbaar door cyberaanval,” Tweakers, 2025.
- “Provincie- en gemeentesites onbereikbaar door aanval pro-Russische hackers,” Oost.nl, 2025.
- “DDoS-aanval pro-Russische hackersgroep valt provinciewebsites aan,” VRT NWS, 2024.
- Reddit discussion on NoName05716’s historical attacks, 2025.
