Unknown Russian group behind hacks Dutch targets
A hitherto unknown Russian cyber group is behind the hacks on several Dutch organizations, including the police in September 2024. In the case of the police, work-related contact information was captured. The services have not been able to determine whether any other data was stolen.
AIVD 27 May 2025
That's according to investigations by the Dutch intelligence and security services AIVD and MIVD. The services named the hacker group involved as Laundry Bear. Meanwhile, the under-recognized affected Dutch organizations have been informed. They have also been assisted in taking measures against the hacks.
The cyber attacks against Dutch agencies are part of a larger international cyber threat from the hacker group. The investigation also reveals that Laundry Bear has been responsible for cyber operations against Western governments and other institutions since at least 2024. They have specific interest in armed forces, governments, defense (supply) agencies, social welfare organizations and IT and digital service providers. Furthermore, Laundry Bear has conducted cyber-espionage attacks against companies that produce high-value technologies, Due to current Western sanctions, Russia has a hard time getting to them.
Technical advice helps resist attacks
Laundry Bear uses techniques, which are difficult to recognize. This is how this hacker group manages to stay under the radar for a long time.
"We have seen this hacker group successfully gain access to sensitive information of a large number of (government) organizations and companies worldwide. They have a specific interest in European Union and NATO countries," said Director MIVD Vice Admiral Peter Reesink. 'Laundry Bear is after information about the procurement and production of military equipment by Western governments and Western deliveries of weapons to Ukraine.'
"We deliberately choose to expose their modus operandi," explained AIVD Director General Erik Akerboom. "We do this by making public a technical opinion on Laundry Bear's modus operandi. In this way, not only governments, but also manufacturers, suppliers and other targets can arm themselves against this form of espionage. This will curb Laundry Bear's success rate and better protect digital networks. This increases our national resilience.
Sharp increase in cyber threat
In recent years, the AIVD and MIVD have seen an increasing number of different hacker groups attacking the Netherlands and allies. Both services have to investigate this. As a result, the threat against the Netherlands and the complexity of the attacks are increasing.
