In what’s being called the largest cyberattack on the Netherlands in two years, a pro-Russian hacker group known as NoName057(16) launched a sweeping digital offensive this week, taking down more than 57 Dutch websites. The Netherlands’ National Cyber Security Centre (NCSC) is closely monitoring the situation.
According to Dutch broadcaster NOS, the wave of attacks began on Monday, April 28th, hitting local government websites in cities like Apeldoorn, Nijmegen, Breda, and Tilburg—many of which went temporarily offline.
The majority of the attacked websites were .nl domains, alongside several .com websites belonging to major Dutch companies such as truck manufacturers VDL and DAF, and travel operator Corendon. This expanded scope indicates a deliberate attempt by NoName057(16) to move beyond governmental platforms and strike at commercial entities with high public visibility. According to the NCSC, this pattern aligns with the group’s strategy of punishing nations that have shown material or political support for Ukraine.
NoName057(16) surfaced not long after Russia’s invasion of Ukraine in 2022 and has previously gone after NATO-aligned defense contractors and logistics companies. This marks the first time in nearly a year that the group has set its sights on the Netherlands. Their stated reason? Retaliation for the Dutch government’s €3.5 billion in aid to Ukraine.
The attacks were Distributed Denial-of-Service (DDoS) attacks, in which websites are deliberately flooded with fake traffic to overload servers and prevent legitimate access. These aren’t the kind of cyberattacks that involve hacking into systems or stealing sensitive data; they’re more about disruption than infiltration.
French cybersecurity researcher Amaury Garçon, who’s been tracking the group, told NOS that these attacks are more about visibility than destruction. “They look for moments when they can shine a spotlight on themselves,” he said. “It’s less about long-term damage and more about making headlines.”
Indeed, the group is known for sharing screenshots of their handiwork on Telegram, showing off which targets they’ve hit and how much media buzz they’ve generated.
The NCSC has labeled NoName057(16) a “Russian actor” with clear ideological motivations. While the center views most of their attacks as low-level nuisances—akin to digital prank calls—it also warns that larger, more coordinated DDoS campaigns can be part of a more serious playbook used by hostile states or organized cybercrime networks.
Provinces affected in this latest attack include Drenthe, Groningen, Noord-Brabant, Noord-Holland, and Overijssel. Though these actions may seem largely symbolic, Dutch authorities caution that the situation could escalate, putting national digital infrastructure at real risk.