🇷🇺 RU

Russian Partizan

Also known asRussian Partizan

Russian Partizan is a Russian hacktivist group identified as a member of the newly formed Russian Legion alliance alongside Cardinal, The White Pulse, and Inteid. The alliance was publicly announced on January 27, 2026, with Cardinal described as the lead group. In the provided reporting, Russian Partizan is mentioned as part of Russian Legion’s coordinated campaign against Denmark, including the operation branded "OpDenmark." Russian Legion used Telegram to issue threats tied to Denmark’s planned 1.5 billion DKK military aid package to Ukraine, demanded that Denmark reverse the decision within 48 hours, and threatened escalation beyond DDoS attacks if ignored. The alliance claimed DDoS attacks against Danish companies and public organizations, repeatedly referenced the Danish energy sector, and combined disruptive activity with psychological operations such as public threats and posting screenshots of affected sites. Truesec assessed Russian Legion as likely state-aligned but not state-funded, operating independently while supporting Russian geopolitical objectives. Based on the provided content, Russian Partizan is a constituent group within that Russian-aligned hacktivist alliance; no distinct aliases, sub-groups, or independently attributed operations beyond its membership in Russian Legion are directly stated.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Where they target

Geographies tied to known operations.

🇩🇰 Denmark

Where they're from

Attributed origin per open-source reporting.

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

industrialcyberNews

Feb 3, 2026

Truesec flags ‘OpDenmark’ cyber threat as Russian Legion issues large-scale attack warning against Denmark - Industrial Cyber

Named member of the Russian Legion alliance threatening cyberattacks against Denmark.

cyber security newsNews

Feb 2, 2026

Russian Hacker Alliance Targeting Denmark in Large-Scale Cyberattack

Member group within the Russian Legion alliance participating in the coordinated “OpDenmark” DDoS pressure campaign against Denmark.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.