Russia was ‘very likely’ behind large-scale data theft at the police, according to intelligence services
A Russian hacker group called Laundry Bear, « very likely » with the support of the Russian state, captured the « work-related contact details » of all employees of the National Police last September.
This is what National Police chief Janny Knol writes to all officers this Tuesday. The conclusions about the hack were drawn after a joint investigation by the General Intelligence and Security Service and the Military Intelligence and Security Service (AIVD and MIVD). Ministers Judith Uitermark (Interior, NSC) and Ruben Brekelmans (Defense, VVD) make this known on Tuesday in a letter to the Lower House. The ministers call the Russian intruders « a Russian cyber actor so far unknown: Laundry Bear. This is a very likely state-supported actor. »
Other organizations affected
According to the ministers, the Russian group has been carrying out cyber attacks against Western governments, companies and other organizations since at least 2024. In addition to foreign organizations, other Dutch organizations have also been affected; they have already been informed by the government. « The actor carries out non-destructive cyber attacks, most likely for espionage purposes. The intelligence services regard this actor and its activities as fitting within the already known standard picture of the Russian offensive cyber program aimed at the West and Western interests, » the ministers said.
The intelligence services publish this Tuesday « a technical report with the most important aspects of the actor's working method ». This allows companies and organizations to take ‘mitigating measures’. « The report offers courses of action for public and private organizations in the Netherlands, and worldwide, to increase their resilience and to make investigation into this cyber actor possible. This reduces the actor's chance of success, and digital networks can be better protected. »
At the end of September last year, it was announced that on September 23 the National Police had fallen victim to a major cyber attack. Minister of Justice and Security David van Weel (VVD) wrote to the House of Representatives that the « work-related contact details of all police officers » had been captured in the hack of a police account.
Contact details captured
The news about the information theft at the largest employer in the Netherlands caused a lot of unrest among the 62,000 employees. Chief of police Janny Knol sent all police officers a long e-mail with an explanation shortly after the incident became known. She wrote that « an office automation account was hacked. » According to her, « business contact details of colleagues from Outlook have been captured. Think of names, e-mail addresses and telephone numbers ».
A few days later, Henk Geveke, then still a member of the police force, announced « that the hack was most likely committed by another country, or perpetrators on behalf of another country. » The information on the role of a ‘state actor’ in the theft came from the intelligence services AIVD and MIVD. « Based on that information, we immediately deployed substantial measures against this attack, » said Geveke.
In an email to all officers this Tuesday, police chief Janny Knol writes that she understands that officers' sense of safety has been affected. « The police have therefore again set up a service point where employees can go with worries and questions. » The chief of police thanked everyone who contributed to the investigation.
Malware
The Global Address List was captured in the hack on the police. It contained the work-related contact details of police officers and some chain partners. Team High Tech Crime (THTC) is working on an investigation into the perpetrators. « The results support the information published by the intelligence services. It shows that the hacker group, which was given the name ‘Laundry Bear’ by the services, carried out cyber attacks on companies and organizations in more than forty Western countries. Many victims were made in a fairly generic way, » the police said.
The Public Prosecution Service does not yet have sufficient information to be able to prosecute concrete suspects.
A so-called ‘pass-the-cookie attack’ was used in the hack on the police. This allows the attacker to take over an active session of an account, with the associated rights. Such an attack requires an access token that is captured via malware. The access token with which the attackers successfully logged in to a police account was captured by so-called infostealer malware. Infostealer malware is developed on a large scale and spread by cyber criminals. The data obtained are frequently sold for various criminal purposes, such as ransomware and the theft of cryptocurrency.
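
One way a defender might look for the session takeover described above, as an added example that is not from the article or the intelligence services' report: it flags a session cookie that is presented from a different user agent or network than the login that issued it. The log format, field names and sample events are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample events, not real logs; all field names are assumptions.
# "login" issues a session cookie, "request" is a later use of that cookie.
SAMPLE_LOG = """\
{"ts": "2025-01-15T08:01:00Z", "event": "login", "user": "user-a", "session": "s-101", "ip": "192.0.2.10", "ua": "Edge/128 (Windows)"}
{"ts": "2025-01-15T08:05:00Z", "event": "request", "user": "user-a", "session": "s-101", "ip": "192.0.2.10", "ua": "Edge/128 (Windows)"}
{"ts": "2025-01-15T11:40:00Z", "event": "request", "user": "user-a", "session": "s-101", "ip": "198.51.100.77", "ua": "python-requests/2.32"}
{"ts": "2025-01-15T09:00:00Z", "event": "login", "user": "user-b", "session": "s-202", "ip": "203.0.113.5", "ua": "Firefox/130 (Linux)"}
{"ts": "2025-01-15T09:30:00Z", "event": "request", "user": "user-b", "session": "s-202", "ip": "203.0.113.40", "ua": "Firefox/130 (Linux)"}
{"ts": "2025-01-15T10:00:00Z", "event": "login", "user": "user-c", "session": "s-303", "ip": "192.0.2.50", "ua": "Chrome/129 (macOS)"}
{"ts": "2025-01-15T10:20:00Z", "event": "request", "user": "user-c", "session": "s-303", "ip": "198.51.100.9", "ua": "Chrome/129 (macOS)"}
"""

def network(ip, prefix=24):
    """Coarse client location: the /24 network the address belongs to."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def find_replayed_sessions(log_text):
    """Return one finding per session whose cookie appears in a new context."""
    issued = {}    # session id -> login event that created the session
    findings = {}  # session id -> finding for the first anomalous request
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        sid = ev["session"]
        if ev["event"] == "login":
            issued[sid] = ev
            continue
        origin = issued.get(sid)
        if origin is None or sid in findings:
            continue  # login not in this log window, or already reported
        reasons = []
        if ev["ua"] != origin["ua"]:
            reasons.append("user_agent_changed")  # cookies do not move between browsers
        if network(ev["ip"]) != network(origin["ip"]):
            reasons.append("network_changed")     # alone, common for VPN or mobile users
        if reasons:
            findings[sid] = {
                "user": ev["user"], "session": sid, "first_seen": ev["ts"],
                "reasons": reasons, "severity": "high" if len(reasons) == 2 else "review",
            }
    return list(findings.values())
```

A hit here only narrows where to look; revoking the flagged session and forcing re-authentication is what ends the attacker's access to it.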