Dutch intelligence agencies have identified a previously unknown Russian hacking group responsible for cyberattacks on several Dutch organizations, including a major breach of the national police system in September 2024 that compromised work-related contact details of officers.
The Netherlands General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD) announced Tuesday that they have designated the threat actor as "Laundry Bear," which Microsoft separately tracks as "Void Blizzard".
The investigation revealed that the group has been conducting cyber operations against Western governments and institutions since at least 2024, with a particular focus on NATO member states and European Union countries.
During the September attack on the Dutch police, the hackers gained access to an employee account and stole work-related contact information from the Global Address List, including names, email addresses, telephone numbers, and in some cases private details of several officers.
Laundry Bear Exposed
The attackers likely used a "pass-the-cookie" technique, replaying stolen browser session cookies (authentication tokens) obtained through infostealer malware purchased on criminal marketplaces; a replayed cookie lets the attacker reuse an already authenticated session without entering the password or completing MFA.
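As an added illustration (not code from the article or from the AIVD/MIVD report), the following detector flags the pattern defenders look for when hunting pass-the-cookie activity: an established session token that is later presented from a different IP address and browser fingerprint without a fresh MFA event. The log field names and the sample sign-in records are constructed assumptions; map them onto your own sign-in log schema.

```python
# Added example: detect likely session-cookie replay ("pass-the-cookie")
# in sign-in logs. Field names are an assumption modelled on typical cloud
# sign-in logs, not a specific vendor schema.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-ins: session S1 is established from one client
# and then reused from a different IP and browser without a new MFA step.
SAMPLE_LOGS = [
    {"time": "2024-09-10T08:01:00", "user": "officer@example.org", "session_id": "S1",
     "ip": "192.0.2.10", "user_agent": "Edge/128 Windows", "mfa": True},
    {"time": "2024-09-10T08:30:00", "user": "officer@example.org", "session_id": "S1",
     "ip": "192.0.2.10", "user_agent": "Edge/128 Windows", "mfa": False},
    {"time": "2024-09-10T09:15:00", "user": "officer@example.org", "session_id": "S1",
     "ip": "198.51.100.7", "user_agent": "Chrome/120 Linux", "mfa": False},
    {"time": "2024-09-10T09:20:00", "user": "other@example.org", "session_id": "S2",
     "ip": "192.0.2.11", "user_agent": "Edge/128 Windows", "mfa": True},
]


def find_cookie_replay(logs, window=timedelta(hours=24)):
    """Return (user, session_id, origin_fingerprint, later_fingerprint) tuples.

    A finding is raised when an existing session token is presented from a
    client whose IP or user agent differs from the one that established the
    session, that later use did not itself complete MFA (a replayed cookie
    never re-authenticates), and it happened within `window` of the origin.
    """
    by_session = defaultdict(list)
    for entry in logs:
        by_session[(entry["user"], entry["session_id"])].append(entry)

    findings = []
    for (user, sid), entries in by_session.items():
        entries.sort(key=lambda e: e["time"])
        origin = entries[0]                      # first use establishes the baseline
        origin_fp = (origin["ip"], origin["user_agent"])
        origin_t = datetime.fromisoformat(origin["time"])
        for e in entries[1:]:
            fp = (e["ip"], e["user_agent"])
            t = datetime.fromisoformat(e["time"])
            if fp != origin_fp and not e["mfa"] and t - origin_t <= window:
                findings.append((user, sid, origin_fp, fp))
    return findings
```

Revoking the affected session and requiring re-authentication is the immediate response to a hit; tying tokens to device identity or shortening session lifetimes reduces the window in which a stolen cookie stays usable.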
"We have seen that this hacker group successfully gains access to sensitive information from various (government) organizations and companies worldwide," said MIVD director Vice Admiral Peter Reesink.
"They have a specific interest in countries of the European Union and NATO. Laundry Bear is after information about the acquisition and production of military equipment by Western governments and Western deliveries of weapons to Ukraine."
The cyber espionage campaign extends far beyond the Netherlands, targeting armed forces, government bodies, defense contractors, social organizations, and IT service providers across several countries.
Laundry Bear has also conducted attacks against companies producing high-technology systems that Russia cannot easily obtain because of the Western sanctions imposed after its invasion of Ukraine.
What makes Laundry Bear particularly concerning is its ability to remain undetected for extended periods. The group uses relatively simple but effective techniques that are difficult to distinguish from legitimate network activity.
Its operations show "some level of automation" that allows it to carry out many attacks in short timeframes while maintaining a high success rate.
The intelligence agencies noted similarities between Laundry Bear's methods and those used by APT28 (also known as Fancy Bear), another Russian state-sponsored group linked to the GRU military intelligence agency. However, investigators concluded that these are distinct threat actors operating independently.
In an unusual move, the Dutch authorities decided to publicly expose Laundry Bear's technical methods in order to strengthen collective cybersecurity defenses. "We consciously choose to expose their methods," explained AIVD Director-General Erik Akerboom.
"This way, not only governments, but also producers, suppliers and other targets can arm themselves against this type of espionage. This limits Laundry Bear's chances of success and digital networks can be better protected."
The disclosure underscores the escalating cyber threat landscape facing the Netherlands and its allies. Both AIVD and MIVD report investigating a growing number of different hacker groups targeting Dutch interests, with attacks increasing in both frequency and complexity.
The agencies warn that Laundry Bear is likely to expand its operations and develop more sophisticated attack vectors in the future. All identified affected Dutch organizations have been notified and offered support in implementing protective measures against future attacks.