Dutch authorities accuse Russian hackers of orchestrating cyberattacks on the nation's police force.
Russian Hacker Group Linked to Dutch Police Cyberattack
According to Dutch intelligence services and tech giant Microsoft, a recently discovered hacker group, known as "Laundry Bear" or "Void Blizzard," is suspected of being behind last year's cyberattacks on the Dutch police. This group, which has been operative since early 2024, is believed to be supported by the Russian state and primarily engages in espionage activities.
The Dutch military intelligence chief, Peter Reesink, stated that this hacker group had successfully managed to infiltrate sensitive information from numerous organizations and corporations globally, concentrating efforts on EU and NATO countries.
Apart from the Dutch police, the group is believed to have targeted military forces, governments, arms companies, and IT service providers in several countries. Investigations suggest that Laundry Bear likely operates with the backing of the Russian state.
The cyberattack on the Dutch police in September 2024 was part of a larger campaign against Western states, as per intelligence services. Laundry Bearutilized a "pass-the-cookie" attack to steal VPN credentials and session cookies, compromising employee accounts and exfiltrating the Global Address List containing contact details of thousands of police staff.
The group reportedly obtained these stolen credentials from the dark web markets. It also abuses legitimate cloud APIs to harvest emails, files, and even Microsoft Teams chat messages and meetings from compromised accounts.
In April 2025, Laundry Bear began employing unique spear-phishing messages with tactics such as typo-squatting to steal passwords and expand access. Its espionage focus is linked to disrupting Ukrainian supply logistics and gathering intelligence on NATO and EU defense operations, aligning with Russian strategic interests during the ongoing conflict involving Russia and Ukraine.
Laundry Bear uses sophisticated but simple techniques that allow it to remain largely undetected and "fly below the radar," using "living-off-the-land" methods that utilize legitimate tools and APIs on victim systems. Unlike ransomware groups, its operations avoid system disruption or destruction, focusing instead on continuous espionage and data theft.
- The ongoing conflict involving Russia and Ukraine has seen Laundry Bear, a hacker group believed to have Russian state support, shift its focus to gathering intelligence on NATO and EU defense operations.
- In addition to the Dutch police, this hacker group has targeted military forces, governments, arms companies, and IT service providers worldwide, as suggested by investigations.
- Cybersecurity experts monitor the activities of Laundry Bear closely, as the group employs stealthy techniques, such as "living-off-the-land" methods and "pass-the-cookie" attacks, to remain undetected and compromise victim systems, often relocating to the dark web markets for stolen information.
