Russian hackers responsible for theft of personal data of tens of thousands of Dutch police officers


Russian hackers are behind the theft of personal data of tens of thousands of Dutch police officers. They have also hacked other organizations in the Netherlands.

That is the conclusion of the General and Military Intelligence and Security Services (AIVD and MIVD).

In September 2024, the Dutch National Police revealed that contact information for over 65,000 police officers was stolen from an Exchange server using a pass-the-cookie attack. This is an attack in which a threat actor poses as the owner of a cookie. The cookie was likely stolen using infostealer malware, possibly operated by a third party, and was then bought by hackers via a criminal marketplace.

"This is another reminder that the criminal ecosystem is a powerful force multiplier for Russian cyber espionage actors. They routinely make use of the accesses that are developed through the normal course of criminal activity." - John Hultquist, Chief Analyst, Google Threat Intelligence Group.

A so-called Global Address List (GAL) was stored on the Exchange server, containing personal information like full names, email addresses, phone numbers, and job positions of police officers, as well as partner organizations like law firms and the Public Prosecution.

For a long time, it remained a mystery who was responsible for the massive data breach. Thanks to the Dutch intelligence services AIVD and MIVD, we now have an answer.

According to the intelligence agencies, Russian hackers carried out the attack. The threat actor involved is called ‘Laundry Bear.’

Laundry Bear uses tactics, techniques, and procedures (TTPs) that have allowed them to stay under the radar for a long time.


“We have seen that this group successfully gains access to sensitive information from a large number of government organizations and companies worldwide. They have a specific interest in countries of the European Union and NATO. Laundry Bear is after information about the purchase and production of military equipment by Western governments and Western deliveries of weapons to Ukraine,” MIVD Director Peter Reesink says in a statement.

The intelligence services have deliberately chosen to expose the methods of the Russian hackers. “This way, not only governments, but also manufacturers, suppliers, and other targets can protect themselves against this form of espionage. This limits the chances of success of Laundry Bear, and digital networks can be better protected. This increases our national resilience,” Erik Akerboom, Director General of the AIVD, explains.
