A secretive Russian hacker group known as Laundry Bear has been linked to a cyberattack on the Dutch national police in September 2024, Bleepingcomputer reports.
This group is believed to have stolen work-related contact information of several police officers, including names, email addresses, phone numbers, and even some private details.
Dutch intelligence agencies AIVD and MIVD confirmed on Tuesday that Laundry Bear was behind the breach. They also warned that this group likely hacked into other Dutch organizations.
The hackers got into a police employee’s account and accessed contact information using the Global Address List (GAL). Investigators say they used a method called a pass-the-cookie attack, which lets hackers log into accounts using stolen browser cookies, without needing a username or password. These stolen cookies were likely bought on a criminal website after being taken by malware.
MIVD director Vice Admiral Peter Reesink said this hacker group is targeting sensitive information from many government and private organizations around the world. Their main focus is on countries in the European Union and NATO. They are especially interested in military equipment and weapon deliveries to Ukraine.
Who is Laundry Bear?
Laundry Bear is also known as Void Blizzard by Microsoft. The group has been active since at least April 2024 and is linked to Russia’s government. Their goal is to gather intelligence that supports Russia’s interests, especially in Ukraine and NATO countries.
Their common hacking methods include:
- Stealing login information
- Sending fake emails (spear phishing)
- Collecting and stealing files and emails from compromised systems
According to Microsoft, this group targets government, defense, transport, media, NGOs, and healthcare organizations, mainly in Europe and North America. Their activities are considered a serious threat to NATO countries and Ukraine’s allies.
In the past, Laundry Bear has also attacked Ukraine’s transportation and defense sectors. In October 2024, they hacked into accounts at a Ukrainian aviation company that had already been targeted in 2022 by another Russian-linked group called APT44 (Seashell Blizzard).
