BadeSaba
February 28, 2026
•[ hacking, hacktivism, propaganda ]
BadeSaba, a religious calendar app with more than 5 million downloads, was hacked to display anti-regime messages to users. The compromised app showed propaganda urging armed forces to surrender and join the people.
IRNA
February 28, 2026
•[ hacktivism, website defacement, political messaging ]
IRNA was hacked to display political messages during the same campaign that affected BadeSaba. Reporting says multiple Iranian news websites were compromised, and this row captures IRNA as one named victim.
Russian military drone operators
February 21, 2026
•[ data leak, monitoring systems, drone operators ]
Ukrainian hacktivists from the Fenix cyber analytics center, supported by volunteers of the InformNapalm international intelligence community, compromised accounts of Russian military personnel and gained access to monitoring systems used by attack drone operators.
Greenland government-related websites (multiple)
February 20, 2026
•[ DDoS attack, hacktivism, service disruption ]
Greenland media reported that several Greenlandic websites were hit by DDoS attacks on February 20, 2026. Naalakkersuisut stated it was monitoring the situation and assessed that the attacks were not dangerous or harmful to data, but could disrupt availability for short periods. Separate reporting around the same incident attributed the DDoS activity to the pro-Russian hacktivist collective NoName057(16). The confirmed primary effect described is temporary service availability disruption rather than data theft.
Greenland websites (multiple) during Danish/Greenland context
February 20, 2026
•[ DDoS, hacktivism, cyberattack ]
Portuguese-language reporting (from wire coverage) described Denmark denouncing multiple cyberattacks against websites in Greenland, characterized as distributed denial-of-service (DDoS) incidents. The reporting stated the activity was attributed to the pro-Russian hacktivist group NoName057(16) and occurred amid heightened geopolitical attention around the Arctic. The coverage emphasized availability disruption rather than data compromise, indicating the main impact was temporary unavailability or degraded access to targeted public-facing sites.
Ersten Group
February 9, 2026
•[ stalkerware, data leak, scraping ]
A hacktivist scraped more than half-a-million payment records from a provider of consumer-grade stalkerware phone surveillance apps, exposing customer email addresses and partial payment information. The records include payments for phone-tracking services like Geofinder and uMobix and social-media monitoring services like Peekviewer, and the dataset also includes transaction records from Xnspy. The incident is a data exposure affecting customers who paid for surveillance services, not necessarily the surveilled victims.
Italian security cameras
February 5, 2026
•[ DDoS attacks, hacktivism, security cameras ]
Italian reporting stated that pro-Russian hacktivist group NoName057(16) launched DDoS attacks connected to the digital ecosystem around the MilanCortina 2026 Winter Olympics. The reported primary effect is disruption attempts against public-facing online services linked to the event. The article also notes the group displayed content suggesting access to security cameras, but it does not provide sufficient detail to code a separate confirmed camera compromise event; the core confirmed effect described is DDoS activity against websites/services.
Ukrainian Armed Forces digital platforms (Sonata messenger)
January 26, 2026
•[ hacktivism, cyber operations, denial of service ]
Hacktivists disrupted a secure messaging platform used by the Ukrainian Armed Forces, blocking communications as part of cyber operations linked to the RussiaUkraine conflict.
Badr satellite
January 18, 2026
•[ broadcast hijacking, hacktivism, signal interference ]
The Record reported that several Iranian state television channels were briefly hijacked on Sunday (January 18, 2026), interrupting programming to air protest footage and anti-regime messages, including content associated with an exiled opposition figure. The affected channels were transmitted via the Badr satellite used to deliver provincial stations nationwide. Social media clips showed messages urging continued protests alongside solidarity footage. The incident appears to be a short-lived disruption to broadcast integrity/availability rather than a data theft event; the report did not confirm compromise of internal newsroom systems or theft of customer/employee data.
Free Speech Union (FSU)
January 9, 2026
•[ data leak, hacktivism, donor exposure ]
Cybernews reported that the UK-based Free Speech Union (FSU) was hacked by trans activists and that the names of people who donated 50 or more were publicly listed online. The dataset was made available via Distributed Denial of Secrets (DDoSecrets). The article frames the attack as politically motivated (protest/ideological retaliation) and describes the outcome as exposure of supporter identities; it does not confirm the full set of leaked fields beyond donor names and the donation-threshold context, nor does it describe service disruption at the organization.
WhiteDate
January 2, 2026
•[ hacktivism, data leak, data destruction ]
Reporting describes a hacktivist using the pseudonym Martha Root who infiltrated an extremist dating website and related sites and later demonstrated deleting them live on stage during the Chaos Communication Congress. The coverage indicates the actor used automated tools/AI chatbots to extract and download user profile information and then published the acquired dataset. As described, the incident combined disruptive impact (site/service deletion) with unauthorized access and data acquisition affecting site users.
Mallorca Public Transport System
November 25, 2025
•[ ddos, hacktivism ]
Security reporting described a claimed DDoS attempt attributed to the pro-Russian hacktivist collective NoName057(16) targeting public-facing transport websites linked to Mallorcas TIB. Available reporting indicated analysts believed the group attempted to overload public web endpoints with DDoS traffic, but no verified outages or service interruptions were observed for TIB platforms, and there were no reported impacts on trains, buses, or metro operations.
Donbas Post
November 24, 2025
•[ hacktivism, wiper attack, data destruction ]
Ukrainian Cyber Alliance claimed responsibility for wiping Donbas Post's systems in Russian-occupied Ukraine, deleting data from over 1,000 workstations and dozens of servers, disrupting web, email, and corporate operations.
Department of the Interior and Local Government (DILG)
November 23, 2025
•[ data leak, hacktivism ]
Hacktivist group HappyGoLuckyPH claims to have infiltrated the Philippine Department of the Interior and Local Governments intranet and exfiltrated about 400GB of internal government data, including personal and financial details of roughly 10,000 employees and contractors, while DILG publicly states it is still verifying the alleged breach and says core systems remain stable; despite the ongoing verification, the combination of leaked samples and size claims is treated here as a successful cyberattack involving significant data theft.
Venstre
November 17, 2025
•[ ddos, hacktivism, political ]
A DDoS attack attributed to NoName057(16) temporarily disrupted Venstres website on the eve of Denmarks municipal and regional elections.
Socialdemokratiet
November 17, 2025
•[ ddos, hacktivism, service disruption ]
A DDoS attack attributed to NoName057(16) temporarily disrupted the Social Democrats website on the eve of Denmarks municipal and regional elections.
Det Konservative Folkeparti
November 17, 2025
•[ ddos, hacktivism, service disruption ]
A DDoS attack attributed to NoName057(16) temporarily disrupted the Conservative Peoples Party website ahead of Danish local and regional elections.
Danmarksdemokraterne
November 17, 2025
•[ ddos, hacktivism, service disruption ]
A DDoS attack attributed to NoName057(16) temporarily disrupted the Denmark Democrats website on the eve of Danish municipal and regional elections.
The Copenhagen Post
November 17, 2025
•[ ddos, hacktivism, denial-of-service ]
A DDoS attack attributed to NoName057(16) temporarily disrupted The Copenhagen Posts website during coordinated attacks on Danish political organizations.
Sund & Bælt
November 14, 2025
•[ denial of service, hacktivism ]
On November 14, 2025, the Storeblt website operated by Sund & Blt was rendered inaccessible due to an external denial-of-service attack. Sund & Blt confirmed the DDoS incident, and DR reported that the pro-Russian hacktivist group NoName057(16) claimed responsibility on Telegram as part of a broader campaign targeting Danish entities. No data loss occurred.
