Dutch intelligence agencies investigated the activities of the Russian hacker group Laundry Bear, which attacked government institutions and commercial entities in the country in September 2024.
According to the Dutch Ministry of Defence, the group known as Laundry Bear has been conducting cyber espionage operations against EU and NATO countries since 2024, including collecting information on arms supplies to Ukraine.
Among the targets were law enforcement agencies, defense contractors, and high-tech companies. During one of the attacks in the autumn of last year, the work contact details of police employees were stolen.
"An unidentified Russian hacker group was behind cyberattacks on several Dutch entities, including the police, in September 2024. As a result of this attack on the police, service-related contact information and data linked to law enforcement activities were stolen," the statement reads.
It is noted that all affected Dutch organizations and institutions have already been informed about the actions of the cybercriminals, have received assistance, and appropriate security measures have been taken in response to the hackers' actions.
The cyberattacks on Dutch institutions are part of a broader international threat posed by this group.
The investigation reveals that Laundry Bear has been conducting cyber operations against Western governments and other entities at least since 2024. The group shows particular interest in the armed forces, government bodies, defense product suppliers, IT companies, and digital service providers.
Laundry Bear has also carried out cyber espionage attacks against companies producing high-tech products that Russia has limited access to due to Western sanctions.
"We have observed how this hacker group successfully gained access to confidential information from a large number of (government) organizations and companies around the world. They are especially interested in EU and NATO countries," said MIVD Director, Vice Admiral Pieter Reijnk. "Laundry Bear seeks to obtain data on the procurement and production of military equipment by Western governments, as well as on the supply of weapons to Ukraine," he said.
Laundry Bear uses sophisticated methods that are difficult to detect. Thanks to this, the group remains unnoticed for long periods.
"We have deliberately decided to expose their methods," explained AIVD Director-General Erik Akerboom. "We are publishing a technical report on Laundry Bear's methods so that not only government institutions, but also manufacturers, suppliers, and other potential targets can better protect themselves from such espionage. This reduces Laundry Bear’s chances of success and strengthens the security of our digital networks. It increases national resilience," he emphasized.
