Russian Laundry Bear cyberspies linked to Dutch Police hack


A previously unknown Russian-backed cyberespionage group tracked as Laundry Bear has been linked to a September 2024 Dutch police security breach.

As the Dutch national police (Politie) revealed last year, the attackers stole work-related contact information of multiple officers, including names, email addresses, phone numbers, and, in some cases, private details.

The Netherlands General Intelligence and Security Service (AIVD) and the Netherlands Defence Intelligence and Security Service (MIVD) linked Laundry Bear to this breach in a joint advisory issued on Tuesday, warning that it’s highly likely that these Russian hackers also breached other Dutch organizations.

As the advisory explains, Laundry Bear accessed a Dutch police employee’s account in September 2024 and stole work-related contact information through the Global Address List (GAL).

The investigation revealed that the attackers likely used a pass-the-cookie attack, impersonating the cookie’s owner using a cookie stolen via infostealer malware and bought on a criminal marketplace. This allowed the threat actor to access information without a username or password.
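In logs, a pass-the-cookie replay like the one described above appears as a session that one client authenticated and a different client later used. The following Python detection logic is an added example, not taken from the advisory or the original article; the log schema, field names, and sample events are constructed for illustration.

```python
import json

# Constructed sample events in a hypothetical schema, one JSON object per line.
SAMPLE_LOG = """\
{"ts":"2025-01-10T08:01:12Z","event":"login","user":"user-a","session":"s-1001","ip":"192.0.2.10","asn":64500,"ua":"Edge/128 Windows"}
{"ts":"2025-01-10T08:05:40Z","event":"request","user":"user-a","session":"s-1001","ip":"192.0.2.10","asn":64500,"ua":"Edge/128 Windows"}
{"ts":"2025-01-10T09:00:03Z","event":"login","user":"user-b","session":"s-2002","ip":"198.51.100.7","asn":64501,"ua":"Firefox/130 Linux"}
{"ts":"2025-01-10T09:20:55Z","event":"request","user":"user-b","session":"s-2002","ip":"198.51.100.99","asn":64501,"ua":"Firefox/130 Linux"}
{"ts":"2025-01-11T02:14:31Z","event":"request","user":"user-a","session":"s-1001","ip":"203.0.113.44","asn":64511,"ua":"Chrome/127 Linux"}
{"ts":"2025-01-11T02:15:02Z","event":"request","user":"user-a","session":"s-1001","ip":"203.0.113.44","asn":64511,"ua":"Chrome/127 Linux"}
{"ts":"2025-01-11T03:30:00Z","event":"request","user":"user-c","session":"s-3003","ip":"203.0.113.80","asn":64511,"ua":"Chrome/127 Linux"}
"""

FINGERPRINT_FIELDS = ("asn", "ua")  # compare network and client, not the raw IP


def find_cookie_replay(lines):
    """Flag sessions used by a client that differs from the one that logged in."""
    origin = {}       # session id -> fingerprint seen at interactive login
    reported = set()  # (session id, fingerprint) pairs already reported
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        sid = ev["session"]
        fp = tuple(ev[f] for f in FINGERPRINT_FIELDS)
        if ev["event"] == "login":
            origin[sid] = fp
            continue
        if (sid, fp) in reported:
            continue  # one finding per session/client pair, not per request
        if sid not in origin:
            reason, changed = "no_login_seen", []  # cookie with no login on record
        elif fp != origin[sid]:
            reason = "fingerprint_changed"
            changed = [f for f, a, b in zip(FINGERPRINT_FIELDS, origin[sid], fp) if a != b]
        else:
            continue
        reported.add((sid, fp))
        findings.append({"ts": ev["ts"], "user": ev["user"], "session": sid,
                         "ip": ev["ip"], "reason": reason, "changed": changed})
    return findings


if __name__ == "__main__":
    for finding in find_cookie_replay(SAMPLE_LOG.splitlines()):
        print(finding)
```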

“We have seen that this hacker group successfully gains access to sensitive information from a lot of (government) organizations and firms worldwide. They have a particular interest in countries of the European Union and NATO,” said Vice Admiral Peter Reesink, MIVD’s director.

“Laundry Bear is after information about the acquisition and production of military equipment by Western governments and Western deliveries of weapons to Ukraine.”

Who is Laundry Bear?

Also tracked as Void Blizzard by Microsoft, this hacking group has been active since at least April 2024 and has focused on targeting Ukraine and NATO member states in attacks aligned with Russian strategic objectives.

The Russian hackers’ tactics, techniques, and procedures (TTPs) include using stolen credentials and spear-phishing emails to breach their targets’ defenses.

Once in, they have been observed harvesting and exfiltrating files and emails from their victims’ compromised systems.

“Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to the Russian government, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America,” Microsoft said in a Tuesday report.

“In particular, the threat actor’s prolific activity against networks in critical sectors poses a heightened risk to NATO member states and allies to Ukraine in general.”

Laundry Bear has breached organizations in various sectors in Ukraine, including transportation and defense. In October 2024, they also compromised user accounts at a Ukrainian aviation entity previously targeted in 2022 by APT44 (Seashell Blizzard), linked to the Russian General Staff Main Intelligence Directorate (GRU).
