Dutch authorities accuse Russian hackers of orchestrating cyber-attacks on the country's police force.
Dutch Intelligence Services Identify Russian Cyber Espionage Group in Police Hack
The Netherlands' General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD) have linked a previously unknown Russian hacker group, Laundry Bear, to cyberattacks against the Dutch police last year.
Peter Reesink, the military intelligence chief, confirmed that the group has successfully accessed sensitive information from numerous government organizations and companies worldwide. The group primarily targets EU and NATO countries.
Investigations suggest that Laundry Bear has ties to the Russian state. The group, active since at least April 2024, is known for discreetly obtaining and stealing information, differentiating itself from other Russian threat actors by prioritizing stealth and data theft over disruptive or destructive attacks.
The attack on the Dutch police in September 2024 was part of a larger campaign targeting Western states, according to intelligence services. The breach occurred through an infostealer malware infection on a police employee's device, resulting in the theft of session cookies, VPN credentials, and the Global Address List—a directory containing contact information for all Dutch police staff.
Recent investigations have revealed that Laundry Bear targets a broad range of Western institutions, including NATO and EU government institutions, defense contractors, and businesses involved in advanced technologies. They are primarily interested in gathering sensitive information related to military procurement, production, and deliveries to Ukraine, as well as acquiring advanced technology restricted by Western sanctions.
The group employs "living-off-the-land" tactics, using tools and features already present on victims’ systems to evade detection. They also utilize stolen credentials, cloud APIs for data extraction, and spear-phishing with typosquatted domains to expand their foothold. Their quick-paced, automated operations and use of common, hard-to-detect attack vectors contribute to their high success rate.
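For defenders, the typosquatted-domain element of this tradecraft is one of the few that can be screened mechanically at the mail gateway. The sketch below is an added example, not code from the AIVD/MIVD advisory: it classifies sender domains against a protected list using a homoglyph fold plus optimal-string-alignment edit distance. The protected domains, sample senders and the distance threshold of 2 are constructed assumptions.

```python
# Added example: flag sender domains that imitate a protected domain.
# PROTECTED and all sample domains are constructed for illustration.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
PROTECTED = {"police.example", "defence.example"}

def skeleton(domain):
    """Fold common look-alike substitutions so 'p0lice' and 'police' compare equal."""
    d = domain.lower().rstrip(".").translate(HOMOGLYPHS)
    return d.replace("rn", "m").replace("vv", "w")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, protected=PROTECTED, max_dist=2):
    """Return (verdict, imitated_domain); verdict is legit/homoglyph/typo/embedded/clean."""
    d = domain.lower().rstrip(".")
    if d in protected or any(d.endswith("." + p) for p in protected):
        return ("legit", None)  # the real domain or one of its subdomains
    sk = skeleton(d)
    for p in sorted(protected):
        psk = skeleton(p)
        if sk == psk:
            return ("homoglyph", p)
        if osa_distance(sk, psk) <= max_dist:
            return ("typo", p)
        if d.startswith(p + "."):
            return ("embedded", p)  # protected name used as a prefix of another domain
    return ("clean", None)

def flag_senders(domains):
    """Map each suspicious sender domain to its verdict, skipping legit and clean ones."""
    verdicts = {d: classify(d) for d in domains}
    return {d: v for d, v in verdicts.items() if v[0] not in ("legit", "clean")}

if __name__ == "__main__":
    sample = ["mail.police.example", "p0lice.example", "poilce.example",
              "police.example.sso-login.net", "unrelated.example"]
    for dom, verdict in flag_senders(sample).items():
        print(dom, verdict)
```

A fixed threshold produces false positives on short domain names, so in practice scale `max_dist` with label length and review hits rather than blocking on them automatically.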
- The Laundry Bear hacker group, identified by Dutch Intelligence Services in a police hack incident, is known to prioritize stealth and data theft over disruptive or destructive attacks.
- Cybersecurity experts have tied the Russian-linked Laundry Bear group to attacks on numerous government organizations and companies worldwide, with a focus on EU and NATO countries.
- The recent investigations reveal that Laundry Bear targets a broad range of Western institutions, including NATO and EU government institutions, defense contractors, and businesses involved in advanced technologies, primarily seeking sensitive information related to military procurement, production, and deliveries, as well as acquiring advanced technology restricted by Western sanctions.