# Russian Void Blizzard Cyberspies Linked to Dutch Police Breach

A shocking revelation has emerged regarding a previously unknown Russian-backed cyber espionage group, known as Laundry Bear or Void Blizzard. This notorious hacking crew has been linked to a high-profile security breach at the Dutch national police (Politie) in September 2024. The attackers successfully stole sensitive work-related contact information of multiple officers, including names, email addresses, phone numbers, and private details.

The Netherlands General Intelligence and Security Service (AIVD) and the Netherlands Defence Intelligence and Security Service (MIVD) have jointly issued a warning, stating that it is highly probable that these Russian hackers also breached other Dutch organizations. The investigation revealed that Laundry Bear accessed a Dutch police employee's account in September 2024 and stole work-related contact information through the Global Address List (GAL).

The attackers employed a sophisticated technique known as a pass-the-cookie attack, impersonating the cookie's owner with a stolen cookie from infostealer malware bought on a criminal marketplace. Because the cookie represents a session that has already been authenticated, this gave them access to sensitive information without a username or password.
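A replayed session cookie leaves a trace defenders can look for: the same session appears from a client that never performed the sign-in. The Python below is an added example, not part of the AIVD/MIVD or Microsoft reporting; the log schema, field names, thresholds and sample events are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: str          # ISO 8601 UTC timestamp
    user: str
    session_id: str  # hash of the session cookie, never the raw value
    ip: str
    user_agent: str
    kind: str        # "login" = interactive sign-in, "request" = cookie presented

def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Coarsen an address so DHCP/NAT churn inside one network is tolerated."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def find_cookie_replay(events):
    """Return (event, reason) for sessions used away from their sign-in client."""
    bound = {}   # session_id -> (network, user_agent) recorded at sign-in
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        seen = (network_of(ev.ip), ev.user_agent)
        if ev.kind == "login":
            bound[ev.session_id] = seen
            continue
        origin = bound.get(ev.session_id)
        if origin is None:
            alerts.append((ev, "session used with no recorded login"))
        elif seen != origin:
            diff = [n for n, a, b in zip(("network", "user-agent"), seen, origin) if a != b]
            alerts.append((ev, "session reused from different " + " and ".join(diff)))
    return alerts

# Constructed sample events (documentation IP ranges, made-up users and sessions).
UA_A, UA_B = "Mozilla/5.0 (Windows NT 10.0) Edge", "Mozilla/5.0 (X11; Linux) Firefox"
SAMPLE = [
    Event("2025-01-15T08:00:00Z", "alice", "s-1a", "192.0.2.10", UA_A, "login"),
    Event("2025-01-15T08:05:00Z", "alice", "s-1a", "192.0.2.57", UA_A, "request"),
    Event("2025-01-15T09:30:00Z", "alice", "s-1a", "203.0.113.8", UA_B, "request"),
    Event("2025-01-15T09:40:00Z", "bob", "s-2b", "198.51.100.4", UA_A, "request"),
]

if __name__ == "__main__":
    for ev, reason in find_cookie_replay(SAMPLE):
        print(ev.ts, ev.user, ev.ip, reason)
```

The "no recorded login" case also fires for sessions that started before the log window, so it is best treated as a lead to triage rather than a confirmed replay.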

According to Vice Admiral Peter Reesink, MIVD's director, "We have seen that this hacker group successfully gains access to sensitive information from a large number of (government) organizations and companies worldwide. They have a specific interest in countries of the European Union and NATO." The Russian hackers' primary objective appears to be gathering information about the purchase and production of military equipment by Western governments and Western deliveries of weapons to Ukraine.

Laundry Bear, also tracked as Void Blizzard by Microsoft, has been active since at least April 2024. This hacking crew has focused on targeting Ukraine and NATO member states in attacks aligned with Russian strategic objectives. The group's tactics, techniques, and procedures (TTPs) include using stolen credentials and spear-phishing emails to breach their targets' defenses.

Once inside, they have been observed harvesting and exfiltrating files and emails from their victims' compromised systems. "Void Blizzard's cyberespionage operations tend to be highly targeted at specific organizations of interest to the Russian government, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America," Microsoft stated in a report.

Laundry Bear has breached organizations in various sectors in Ukraine, including transportation and defense. In October 2024, they also compromised user accounts at a Ukrainian aviation entity previously targeted in 2022 by APT44 (Seashell Blizzard), linked to the Russian General Staff Main Intelligence Directorate (GRU).

This latest revelation highlights the alarming level of sophistication and aggression employed by state-sponsored hackers. The Dutch police breach serves as a stark reminder of the need for enhanced cybersecurity measures and vigilance against such threats.

### Key Findings:

* Laundry Bear, also known as Void Blizzard, is a Russian-backed cyber espionage group linked to the Dutch police security breach.
* The attackers stole work-related contact information of multiple officers, including names, email addresses, phone numbers, and private details.
* The investigation revealed that the attackers employed a pass-the-cookie attack using stolen credentials and infostealer malware.
* Laundry Bear has been active since at least April 2024 and focuses on targeting Ukraine and NATO member states in attacks aligned with Russian strategic objectives.