A previously unknown Russian cyberespionage group, known as Laundry Bear, has been linked to a significant security breach within the Dutch police that occurred in September 2024. The breach was revealed in a joint advisory from the Netherlands General Intelligence and Security Service (AIVD) and the Netherlands Defence Intelligence and Security Service (MIVD), indicating that the attackers managed to steal sensitive work-related contact information of multiple officers, including names, email addresses, and phone numbers.
The Dutch police previously reported that the attackers conducted a targeted theft of sensitive information. The advisory confirmed that Laundry Bear had accessed a police employee’s account and acquired this data through the Global Address List (GAL). It is believed that the group used a sophisticated pass-the-cookie attack, in which a stolen session cookie is replayed to take over an already authenticated session, to gain access without the need for traditional credentials, highlighting a worrying trend in attack methods.
Vice Admiral Peter Reesink, MIVD’s director, noted that this hacker group poses an increasing threat, as they have successfully infiltrated various government agencies and private organizations globally. “Their focus appears particularly aimed at NATO member states and extensive interest in Western military supply chains,” Reesink stated, emphasizing the group’s commitment to leveraging sensitive information regarding military equipment and Western involvement in the ongoing conflict in Ukraine.
Also identified as Void Blizzard by Microsoft, Laundry Bear has been active since at least April 2024. Their operations primarily target Ukraine and NATO countries, aligning with Russian governmental objectives. The hacking group employs various tactics, including spear-phishing attacks and the use of stolen credentials to bypass security measures of targeted organizations in key sectors, including defense and healthcare. Such activities have raised alarms concerning the elevated risk to NATO member states amidst the ongoing threats posed by Russian-affiliated cyber actors.
Further detail on Laundry Bear’s tactics and implications is available in Microsoft’s report on the group’s operations and regional impact, and in coverage of the breach’s implications for the Dutch police. This incident emphasizes the ongoing vulnerabilities faced by critical infrastructure and the need for robust cybersecurity measures.