An as yet unknown Russian cyber group is behind the hacks on various Dutch organizations, including the police in September 2024. The police had work-related contact details stolen. The services have not been able to establish that other data has also been stolen.
This is evident from research by the Dutch intelligence and security services AIVD and MIVD. The services refer to the involved hacker group as Laundry Bear. The identified affected Dutch organizations have since been informed. They have also been assisted in taking measures against the hacks.
The cyberattacks against Dutch institutions are part of a larger international cyber threat from the hacker group. The research also shows that Laundry Bear has been responsible for cyber operations against Western governments and other institutions since at least 2024. They have a specific interest in armed forces, governments, defense suppliers, social organizations, and IT and digital service providers. Furthermore, Laundry Bear has conducted cyber espionage attacks against companies that produce advanced technologies. Due to current Western sanctions, Russia finds it difficult to access these.
Technical Advice Helps Resist Attacks
Laundry Bear employs techniques that are difficult to detect. This hacker group manages to remain under the radar for a long time.
“We have seen that this hacker group successfully gains access to sensitive information from a large number of (government) organizations and companies worldwide. They have a specific interest in countries of the European Union and NATO,” says MIVD director, Vice Admiral Peter Reesink. ‘Laundry Bear is after information about the procurement and production of military equipment by Western governments and Western deliveries of weapons to Ukraine.’
“We consciously choose to expose their methods,” explains AIVD Director-General Erik Akerboom. ‘We do this by making a technical advisory on the methods of Laundry Bear public. This way, not only governments but also manufacturers, suppliers, and other targets can arm themselves against this form of espionage. This reduces the success rate of Laundry Bear and better protects digital networks. This increases our national resilience.’
Sharp Increase in Cyber Threat
The AIVD and MIVD have seen an increasing number of different hacker groups attacking the Netherlands and allies in recent years. Both services need to investigate this. The threat against the Netherlands and the complexity of the attacks are therefore increasing.
The technical report is attached as an appendix.