May 28, 2025 – Dutch intelligence agencies have exposed a new Russian cyber threat group responsible for hacking multiple organizations in the Netherlands, including a major attack on the national police in 2024.
The group, named “Laundry Bear” by the Netherlands’ General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD), has also been tracked by Microsoft as “Void Blizzard.”
Police Data Breach in September 2024
In September 2024, hackers accessed a Dutch police employee account and extracted information from the Global Address List. This included names, emails, phone numbers, and in some cases, private details of police officers.
The attackers used a method known as “pass-the-cookie” to steal login tokens, likely obtained through malware sold on criminal marketplaces.
Focus on NATO and EU Targets
Investigators found that Laundry Bear has been active since at least 2024, targeting governments, defense contractors, and institutions in NATO and European Union countries. Their primary interest is information about military equipment and arms shipments to Ukraine.
“This group is gaining access to sensitive data from government bodies and companies around the world,” said MIVD Director Vice Admiral Peter Reesink. “Their focus is on Western military activity and technology that Russia can’t access due to sanctions.”
Advanced but Hard to Detect
Though Laundry Bear uses simple techniques, they are highly effective. Their attacks are hard to distinguish from normal network activity and often go undetected for long periods. The group appears to use automation to carry out many attacks quickly and successfully.
While Laundry Bear shares some tactics with another Russian group known as APT28 (Fancy Bear), Dutch officials say they are separate entities.
Going Public to Boost Cyber Defenses
In a rare move, Dutch authorities publicly disclosed the group’s techniques to help organizations defend themselves. “We are choosing to expose their methods,” said AIVD Director-General Erik Akerboom. “This helps governments, suppliers, and others protect their networks.”
Wider Cybersecurity Threat
This discovery highlights the rising cyber threats facing the Netherlands and its allies. AIVD and MIVD report a growing number of cyberattacks targeting Dutch interests, becoming more frequent and complex.
Authorities warn that Laundry Bear is likely to increase its activity and develop more advanced tactics. All affected Dutch organizations have been alerted and supported in improving their cybersecurity defenses.
