The Netherlands has also been targeted in the global cyber espionage campaign by the Chinese hacking organization Salt Typhoon. This was reported by the Dutch intelligence and security services MIVD and AIVD today.
In late 2024, a large-scale Chinese cyber-espionage campaign against the global telecom sector came to light. The US attributed this campaign to the state-backed Chinese hacking organization Salt Typhoon. The MIVD and AIVD can now confirm some of the contents of the U.S. investigation with intelligence of their own.
The MIVD and the AIVD endorse the warning issued by the U.S. agencies National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI). So do European intelligence agencies BND (Germany), SUPO (Finland), NCSC (United Kingdom) and AISE (Italy), among others.
The Dutch organizations most likely did not receive the same level of attention from Salt Typhoon's hackers as those in the US. But both services did observe targets in the Netherlands. These were not large telecommunications providers, but smaller Internet Service and Hosting providers.
Investigations by the MIVD and AIVD show that the Chinese hacking organization had access to routers of the Dutch targets. As far as is known, the hackers did not penetrate further into their internal networks. Where possible, the MIVD, AIVD and the NCSC (National Cyber Security Center) have previously shared threat information with targets and other relevant audiences.
The MIVD and the AIVD have been warning for some time about the growing Chinese cyber threat. These activities are now so advanced that continuous efforts and attention are needed to detect and remedy cyber operations against Dutch interests in a timely manner. In doing so, risks can be reduced, but not completely eliminated. This poses a major challenge to Dutch resilience.
