DDoS Attacks During NATO Summit: Coincidence or Geopolitical Tactic?
On Monday, June 23, 2025, several Dutch municipalities and public organizations were hit by DDoS attacks aimed at disrupting their online services. The National Cyber Security Centre (NCSC) confirmed that these attacks were claimed by the pro-Russian hacker group NoName057(16) and that they appear to have an ideological motive. The group also claimed responsibility via Telegram for attacks on the NATO office in the Netherlands and digital portals of the municipality of The Hague, including web services that were allegedly connected to NATO's coordination infrastructure.
According to cybersecurity firm Check Point, this attack fits into a broader wave of politically motivated cyber activity targeting NATO member states. The DDoS campaign explicitly aims to create confusion and undermine trust in public services. While some municipal websites were temporarily inaccessible, essential services in The Hague remained operational.
The government meanwhile implemented an increased security operation, called Orange Shield, in response to the threat. At the same time, reports emerged of network outages at Odido and its subsidiaries Simpel and Ben – a striking coincidence during a time of heightened geopolitical tension.
What is a DDoS Attack – and Why Are They So Effective?
A Distributed Denial-of-Service (DDoS) attack aims to overload online services, servers, or network equipment. This causes websites and digital systems to become temporarily slow or inaccessible. For users, this means login issues or no access to necessary information. For organizations, it can lead to a disruption of services.
Notably, a DDoS attack does not require data theft or system breaches. The power lies in its simplicity and scalability. By temporarily making public access impossible, significant damage is still inflicted – especially on vital or public infrastructure.
DDoS attacks have been on the rise for years, as previously analyzed in this 2020 article, which warned of the need for continuous monitoring and preparedness.
Outage at Odido: Cyber Incident or Poor Timing?
On Wednesday, June 25, telecom provider Odido was hit by two major network outages. The first began around 09:00 and seemed to be resolved shortly after 11:00. However, while redistributing network traffic, a second outage occurred, causing new problems in the afternoon. This also impacted subsidiaries like Simpel and Ben, which use the Odido network.
According to Odido, there are no indications that the outages were caused by a cyber attack. The problems arose, according to the company, due to technical complications in resolving the first outage, which overloaded the network. The provider restored services in phases and reported by the end of the day that most customers were back online.
The timing of the outages – during the NATO summit and parallel to DDoS attacks on Dutch government organizations – nonetheless raises questions about the vulnerability of private networks during geopolitical tensions. Even if there is no intent, such incidents demonstrate how fragile the digital infrastructure of commercial providers can be during periods of heightened threat.
NoName057(16): DDoS as a Weapon in Digital Ideological Struggle
The DDoS attacks were claimed by NoName057(16), a pro-Russian hacker group that has been active since March 2022. The group targets countries that support Ukraine, including the Netherlands. Their primary weapon: symbolic DDoS attacks on government websites, media, and private entities. Not to cause damage to the systems themselves, but to spread political messages and sow social unrest.
NoName057(16) is part of a broader hacktivist coalition, also known as the 'Holy League', which includes groups like KillNet, UserSec, and CyberArmyofRussia. This coalition has previously targeted NATO summits and critical infrastructure in countries like Belgium, Germany, Ukraine, and Poland.
Their modus operandi fits into a broad pattern of geopolitical hacktivism, where the line between cybercrime and political sabotage blurs.
Digital Warfare: How Cyber Attacks Are Used as a Power Play
The actions of NoName057(16) fit into the broader framework of hybrid warfare: a strategy where digital attacks, disinformation, and sabotage serve as an extension of physical threat. According to cybersecurity firm Check Point, there is a coordinated campaign in which digital disruption is deliberately used to destabilize NATO countries and undermine citizen trust. "We see clear coordination across borders, aimed at generating maximum media impact and creating confusion," says Zahier Madhar, cybersecurity expert at Check Point Netherlands.
The NATO summit – symbolic, strategic, and publicly visible – thus forms an ideal target. The Netherlands plays a key role as a digital hub in Europe. This also makes it vulnerable. Both public services and private networks become part of the battleground on which geopolitical power plays unfold.
Resilience in Action: What the NCSC Is Doing Against Cyber Threats
The National Cyber Security Centre (NCSC) closely monitored the situation and collaborated with domestic and international partners. Organizations that were at risk of being targeted were proactively informed and guided.
But the responsibility does not lie solely with the government. Organizations must invest in digital resilience: think of DDoS protection, response protocols, and training staff on cybersecurity awareness.
Digital Preparedness: This Is Not a Warning, But Reality
The DDoS attacks and outages surrounding the NATO summit showed how visible, tangible, and disruptive digital threats can now be. What was once considered abstract IT concern is today a geopolitical reality.
Digital preparedness is not a luxury, but a necessity. The recent attacks demonstrate how real the threat is – and how important it is for both public and private parties to continue investing in a resilient digital infrastructure. This involves not only technical protection against DDoS attacks but also vigilance against broader tactics such as deepfakes and coordinated disinformation campaigns. In a time when the difference between fact and fiction becomes increasingly blurred, digital literacy, source criticism, and critical thinking are essential – especially in times of geopolitical tensions.
