A previously unknown Russian hacker group, now identified as Laundry Bear, was responsible for a significant cyberattack on Dutch police last year and has also targeted other NATO and EU countries supplying military aid to Ukraine, Dutch intelligence agencies revealed Tuesday.
In a joint report from the Netherlands’ MIVD (military intelligence agency) and AIVD (domestic intelligence agency), authorities confirmed that Laundry Bear has been actively conducting cyber espionage operations aimed at stealing sensitive military-related data. The group is considered “extremely likely” to be state-supported by Russia, the report said.
Targeting Ukraine’s Allies and Military Supply Chains
Vice Adm. Peter Reesink of MIVD emphasized that Laundry Bear is focusing on Western production and delivery of weapons to Ukraine, particularly data related to the procurement and logistics of military hardware.
“Laundry Bear is after information about the purchase and production of military equipment by Western governments and Western deliveries of weapons to Ukraine,” Reesink stated in the report.
The Netherlands, a vocal supporter of Ukraine since Russia’s full-scale invasion in February 2022, has contributed substantial military support, including F-16 fighter jets.
Major Breach of Dutch Police Systems
Laundry Bear’s most notable act so far occurred in September 2023, when the group breached a police account in the Netherlands. In the attack, the hackers gained access to internal contact details for all Dutch police officers, sending shockwaves through national law enforcement and exposing vulnerabilities in public sector cyber defenses.
The report provided a detailed breakdown of the techniques used by the hackers, including methods for infiltrating cloud services and internal networks. Dutch intelligence officials hope that releasing these details will help other organizations defend against future attacks.
Raising Public Awareness to Strengthen Defenses
Erik Akerboom, chief of AIVD, noted that publicly identifying Laundry Bear and its tactics is a strategic move.
“By outlining the group’s work, not only governments but also manufacturers, suppliers, and other potential targets can better prepare themselves,” Akerboom said. “This limits Laundry Bear’s chances of success and allows for stronger digital network protections.”
The Laundry Bear cyberattack isn’t an isolated case. Just last week, the U.S. National Security Agency (NSA) reported that Russian military intelligence had launched cyber campaigns targeting Western logistics and tech companies supporting Ukraine.
Additionally, in April, the French government accused a Russian-linked hacking group of orchestrating cyberattacks over a three-year span targeting the Paris Olympics, French agencies, and corporate infrastructure.
Though Moscow has yet to comment on the Dutch intelligence findings, the exposure of Laundry Bear adds to growing concerns about Russia’s expanding cyber warfare capabilities — and the critical importance of cyber defense among NATO and EU allies.
