A previously unknown Russian-backed cyberespionage group tracked as Laundry Bear has been linked to a September 2024 Dutch police security breach.
As the Dutch national police (Politie) disclosed last year, the attackers stole work-related contact information of several officers, including names, email addresses, phone numbers, and, in some cases, private details.
The Netherlands General Intelligence and Security Service (AIVD) and the Netherlands Defence Intelligence and Security Service (MIVD) linked Laundry Bear to this breach in a joint advisory issued on Tuesday, warning that it is highly likely that these Russian hackers also breached other Dutch organizations.
As the advisory explains, Laundry Bear accessed a Dutch police employee's account in September 2024 and stole work-related contact information via the Global Address List (GAL).
The investigation revealed that the attackers likely used a pass-the-cookie attack, impersonating the cookie's owner using a session cookie stolen via infostealer malware and purchased on a criminal marketplace. This allowed the threat actor to access information without a username or password.
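The defensive signal behind a pass-the-cookie attack is that a valid session identifier keeps working from a client that never performed the interactive login. The following is an added example, not code from the advisory or from any vendor: it parses a constructed sign-in log (field names, session IDs, and addresses are all made up for the illustration) and flags requests whose IP and user agent differ from the fingerprint recorded when that session was authenticated.

```python
"""Flag likely session-cookie replay in constructed sign-in logs.

A stolen session cookie lets an attacker act as the user without presenting a
password, so the detectable anomaly is: the same session identifier appearing
from a different client fingerprint (IP address / user agent) than the one
that performed the interactive login, with no new authentication in between.
The log format, field names and all values below are constructed for this
example; real identity-provider logs differ in layout but carry the same fields.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since epoch (constructed)
    user: str
    session: str   # session identifier (log a hash of the cookie, never the raw value)
    ip: str
    ua: str
    kind: str      # "auth" = interactive login, "request" = cookie-authenticated access


# Constructed sample log: alice's cookie is replayed from a second client an hour
# after her login; bob logs in twice from different machines, which is legitimate.
SAMPLE_LOG = [
    "1725000000 alice sess-a1 203.0.113.10 Firefox/130 auth",
    "1725000060 alice sess-a1 203.0.113.10 Firefox/130 request",
    "1725003600 alice sess-a1 198.51.100.77 Chrome/128 request",  # replayed cookie
    "1725003660 alice sess-a1 198.51.100.77 Chrome/128 request",
    "1725000000 bob sess-b7 192.0.2.5 Edge/127 auth",
    "1725000900 bob sess-b7 192.0.2.5 Edge/127 request",
    "1725001000 bob sess-b8 192.0.2.9 Edge/127 auth",             # fresh login, new session
    "1725001100 bob sess-b8 192.0.2.9 Edge/127 request",
]


def parse(lines):
    """Parse whitespace-separated log lines into Events ordered by timestamp."""
    events = []
    for line in lines:
        ts, user, session, ip, ua, kind = line.split()
        events.append(Event(int(ts), user, session, ip, ua, kind))
    return sorted(events, key=lambda e: e.ts)


def find_cookie_reuse(events):
    """Return one alert per (session, ip, ua) whose requests do not match the
    client fingerprint captured at that session's authentication event.

    Each alert is (user, session, ip, ua, reason). A request for a session with
    no recorded authentication is also reported, since a replayed cookie may
    predate the log window.
    """
    bound = {}   # session -> (ip, ua) recorded at interactive login
    seen = set()
    alerts = []
    for e in events:
        if e.kind == "auth":
            bound[e.session] = (e.ip, e.ua)
            continue
        origin = bound.get(e.session)
        if origin is None:
            reason = "no-auth-seen"
        elif origin != (e.ip, e.ua):
            reason = "fingerprint-mismatch"
        else:
            continue
        key = (e.session, e.ip, e.ua)
        if key not in seen:
            seen.add(key)
            alerts.append((e.user, e.session, e.ip, e.ua, reason))
    return alerts


if __name__ == "__main__":
    for alert in find_cookie_reuse(parse(SAMPLE_LOG)):
        print("ALERT:", alert)
```

Binding on IP and user agent alone produces false positives for mobile users and corporate proxies, so in practice this check is a triage input alongside impossible-travel and token-age rules; the durable mitigation is short session lifetimes and re-authentication with phishing-resistant MFA for sensitive operations, so that a lifted cookie expires before it is sold on.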
"We have seen that this hacker group successfully gains access to sensitive information from a large number of (government) organizations and companies worldwide. They have a particular interest in countries of the European Union and NATO," said Vice Admiral Peter Reesink, MIVD's director.
"Laundry Bear is after information about the purchase and production of military equipment by Western governments and Western deliveries of weapons to Ukraine."
Who is Laundry Bear?
Also tracked as Void Blizzard by Microsoft, this hacking group has been active since at least April 2024 and has focused on targeting Ukraine and NATO member states in attacks aligned with Russian strategic objectives.
The Russian hackers' tactics, techniques, and procedures (TTPs) include using stolen credentials and spear-phishing emails to breach their targets' defenses.
Once inside, they have been observed harvesting and exfiltrating files and emails from their victims' compromised systems.
"Void Blizzard's cyberespionage operations are generally highly targeted at specific organizations of interest to the Russian government, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America," Microsoft said in a Tuesday report.
"In particular, the threat actor's prolific activity against networks in critical sectors poses a heightened risk to NATO member states and allies to Ukraine in general."
Laundry Bear has breached organizations in various sectors in Ukraine, including transportation and defense. In October 2024, they also compromised user accounts at a Ukrainian aviation entity previously targeted in 2022 by APT44 (Seashell Blizzard), a group linked to the Russian General Staff Main Intelligence Directorate (GRU).