MIVD: Netherlands also target spying campaign Russian hackers
Russian GRU cyber unit 26165, better known as APT28, is responsible for cyber espionage against Ukraine and NATO countries. The Netherlands has also been targeted. This is according to multi-party investigations. These include the U.S. agencies National Security Agency (NSA) and Cybersecurity & Infrastructure Security Agency (CISA). The Federal Bureau of Investigation (FBI) and the Netherlands Military Intelligence and Security Service (MIVD) also established this.
Rijksoverheid May 23, 2025
The goal of the Russian military secret service's cyber unit is, among other things, to frame and disrupt Western (military) support to Ukraine. The NSA, CISA, FBI, MIVD and more than 15 other international services warn of this in a so-called Cybersecurity Advisory.
The Dutch armed forces, ministries and industry have been direct and indirect targets of cyber-espionage attempts. The MIVD has informed them of this and measures have been taken.
Target
APT28 is of great strategic importance to Russia within the war with Ukraine. ''By bringing this Russian modus operandi into the open, the GRU employees' digital freedom of movement is curtailed. Their operations are disrupted," said Director MIVD Vice Admiral Peter Reesink. "Victims are also helped to discover if they have been attacked and what they can do about it. The MIVD will continue to support such actions in the future,'' he explained.
''Specifically, APT28 seeks to obtain military, diplomatic and economic information about Ukraine and NATO allies. Through its operations, this GRU unit seeks to gain visibility into the shipments of Western military support, among other things. This both inside and outside Ukraine. Therefore, countries such as the Netherlands, which are part of the supply route, are targets of these cyber operations.''
In September 2024, the MIVD already warned. Then about cyber operations by GRU unit 29155 with the same objective: disrupting Western aid to Ukraine. The US, together with the MIVD and other partner services, also issued a warning and technical advice at the time. This included not only how countries and organizations could recognize the operations of Unit 29155. It also outlined options for arming against them.
The OPCW case study
In 2018, hackers from APT28 traveled to the Netherlands with the intention of launching a cyber operation here. The target was the Organization for the Prohibition of Chemical Weapons (OPCW) in The Hague. The MIVD then disrupted this cyber operation. The 4 Russian intelligence officers involved were expelled from the country. This prevented the OPCW's systems from being hacked at the time. At the time, this organization was investigating, among other things, the poisoning of Russian Sergei Skripal and his daughter.
