Dutch intelligence services published a report on Tuesday summarizing a major cyber penetration of the national police’s data, which they have blamed on a hitherto unknown Russian hacker group called “Laundry Bear” and also identified elsewhere as “Void Blizzard” and traced by Microsoft.
The breach in September 2024 led to the theft of public and work-related contact details belonging to every Dutch police officer, and sent shockwaves through the policing world.
Laundry Bear is “very probably Russian state supported,” and has been going after European Union and NATO countries, serviced by Military Intelligence and Security Service (MIVD) and the Dutch General Intelligence and Security Service (AIVD) said in a joint report.
Their main aims seem to be obtaining classified data about the Western countries’ programme of purchasing and producing equipment for the military and the supply of weapons to Ukraine.
Vice Adm. Laundry Bear, Mr. Reesink, the MIVD’s director, said, is “specifically looking for information about the purchase and production of military equipment by Western governments and Western deliveries of weapons to Ukraine.”
The Netherlands has been a firm backer of Ukraine, offering military aid that includes F-16 fighter jets.
According to Dutch intelligence agencies, the hackers accessed a police account and stole the work-related contact information of around 65,000 police staff. Initially reported that the attack involved names, official email addresses, and phone numbers, it was later discovered that personal data had been breached in some cases.
“Publicizing the methods of the group would give other possible targets of the group – such as other governments, manufacturers or suppliers – the possibility to defend themselves against this form of espionage,” said Erik Akerboom, the head of AIVD.
The agencies shared a full analysis of Laundry Bear techniques that are believed to start with some less-sophisticated initial access methods, such as likely buying of stolen credentials from cybercriminal markets to use for password spray attacks.
Once inside, the outfit uses cloud APIs to move across mailboxes and cloud-based files, automating the mass siphoning of data. They then have also gained access to Microsoft Teams conversations and Microsoft Entra ID settings.
To many however, it is Cyber Espionage nothing but a cheaper and effective tool for what inevitably leads to U.S espionage.Cyber Sneaks or simply sneaking with a smiley face.
Laughs009 PCTools Threat Intelligence team added that Laundry Bear had been operational since midway through 2024, ranging across many sectors and concentrating on NATO members and Ukraine. Their work clearly centres on intelligence gathering on behalf of Moscow’s perceived interests.
This attack is just the latest example of a string of cyber-espionage directed against Western nations who support Ukraine. Just last week, the United States National Security Agency announced that hackers working for Russian military intelligence were attacking technology and logistics companies that support aid to Ukraine.
Periodically, other governments jump into the act as well: France has the accused a Russian-connected group of staging cyberattacks against the Paris Olympics and a range of government targets.
Dutch officials are carrying out a comprehensive inquiry into the breach to determine the scale of the damage and to take steps to ensure that such attacks are not repeated. Laundry Bear’s activity being brought to the fore is a useful lesson to all organizations, across Europe and NATO, to keep guards high against unceasing cyber threats.
