A previously unidentified Russian-backed cyberespionage group, now known as Laundry Bear, has been linked to a September 2024 security breach that targeted the Dutch national police force.
The Dutch national police (Politie) reported that the attackers managed to infiltrate their systems and obtain the work-related contact details of several officers.
Moreover, the stolen information reportedly included full names, emails, phone numbers, and, in some cases, personal details of law enforcement personnel.
Earlier this week, the Netherlands General Intelligence and Security Service and the Netherlands Defence Intelligence and Security Service issued a coordinated advisory officially attributing the attack to Laundry Bear.
The intelligence agencies indicated that these Russian hackers may have compromised other Dutch organisations beyond the police.
Laundry Bear breached the Dutch national police using an employee’s account.
The investigation revealed that Laundry Bear accessed a Dutch police employee’s account without authorisation in September 2024, allowing them to retrieve work-related contact information from the Global Address List (GAL).
Security researchers concluded that the threat actors utilised a pass-the-cookie attack technique, relying on stolen authentication cookies acquired from criminal marketplaces.
This approach allowed the hackers to bypass conventional username and password authentication protocols.
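For defenders, a replayed session cookie typically appears in sign-in telemetry as an existing session used from a network and client that never performed the login. The following detection sketch is an added example, not taken from the advisory or the police investigation; the log layout, account names, and the /24 grouping are assumptions, and the events are constructed.

```python
"""Flag session-cookie reuse from a client that never authenticated (pass-the-cookie)."""
import csv
import io
from ipaddress import ip_address, ip_network

# Constructed sample events; the column layout is an assumption, not a vendor log schema.
SAMPLE_LOG = """\
time,user,session_id,event,ip,user_agent
2024-09-02T08:01:10Z,officer1@example.org,s-1001,interactive_login,192.0.2.10,Edge/128 Windows
2024-09-02T08:05:42Z,officer1@example.org,s-1001,token_use,192.0.2.10,Edge/128 Windows
2024-09-02T09:12:03Z,officer1@example.org,s-1001,token_use,192.0.2.77,Edge/128 Windows
2024-09-02T11:47:55Z,officer1@example.org,s-1001,token_use,203.0.113.45,python-requests/2.32
2024-09-02T08:30:00Z,officer2@example.org,s-2002,interactive_login,198.51.100.7,Firefox/130 Linux
2024-09-02T08:31:15Z,officer2@example.org,s-2002,token_use,198.51.100.7,Firefox/130 Linux
"""

def same_network(a, b, prefix=24):
    """Treat IPv4 addresses in the same /24 as one location (DHCP churn, NAT pools)."""
    return ip_address(b) in ip_network(f"{a}/{prefix}", strict=False)

def find_cookie_replay(log_text):
    """Return token_use events whose client differs from the one that logged in."""
    issued = {}   # session_id -> (ip, user_agent) seen at interactive login
    alerts = []
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["time"])
    for row in rows:
        sid = row["session_id"]
        if row["event"] == "interactive_login":
            issued[sid] = (row["ip"], row["user_agent"])
            continue
        if sid not in issued:
            # Cookie used in a session we never saw authenticate: log gap or replay.
            alerts.append({**row, "reason": "no_login_seen"})
            continue
        login_ip, login_ua = issued[sid]
        ip_changed = not same_network(login_ip, row["ip"])
        ua_changed = row["user_agent"] != login_ua
        # Require both signals: an IP change alone is common for roaming users.
        if ip_changed and ua_changed:
            alerts.append({**row, "reason": "new_network_and_client"})
    return alerts

if __name__ == "__main__":
    for alert in find_cookie_replay(SAMPLE_LOG):
        print(alert["time"], alert["user"], alert["session_id"], alert["ip"], alert["reason"])
```

An alert of this kind is a lead for revoking the session and forcing re-authentication, not proof of compromise on its own; VPN use and browser updates can produce the same pattern.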
Furthermore, the report mentioned that the hacker group has successfully accessed sensitive data from numerous government agencies and businesses worldwide.
In addition, the announcement emphasised the attackers’ particular interest in European Union and NATO member nations, noting that Laundry Bear is gathering intelligence about Western governments’ procurement and production of military equipment and arms deliveries to Ukraine.
Microsoft security researchers also refer to this cybercriminal organisation as Void Blizzard. The group has operated actively since at least April 2024, persistently targeting Ukraine and NATO member states in ways that align with Russian strategic objectives.
The Russian hackers utilise a range of attack tactics, including stolen credentials and spear-phishing email campaigns, to infiltrate their targets. After a successful breach, the group aims to harvest and extract files and emails from the compromised systems.
Laundry Bear has effectively breached organisations across diverse sectors in Ukraine, paying special attention to the transportation and defence industries.
