THE HAGUE, Netherlands — A previously unknown pro-Russian hacking group was responsible for a series of sophisticated cyberattacks last year targeting NATO, the Dutch police, and other key European institutions, according to a joint disclosure Tuesday by the Dutch General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD).
The hackers, operating under the codename “Laundry Bear”, are believed to have acted with direct support from the Russian government, the agencies told Dutch lawmakers in a letter outlining the results of an ongoing cyber investigation.
“The cyberattacks against Dutch institutions are part of a larger international cyber threat posed by the hacker group,” the agencies said in a public statement.
The group remained undetected until September 2024, when it was discovered infiltrating the network infrastructure of the Dutch national police, gaining unauthorized access to confidential data of police officials, the report revealed.
Investigators also found that Laundry Bear had conducted cyber-espionage campaigns targeting high-tech manufacturing firms across Europe—especially those involved in military technologies that Russia cannot legally acquire due to Western sanctions linked to its war in Ukraine.
The intelligence agencies confirmed that the group’s cyber operations date back at least to early 2024, and that the hackers had sought to extract data on military procurement, weapons manufacturing, and Western arms shipments to Ukraine.
“This is a coordinated and state-backed effort to undermine Western security infrastructure and steal sensitive defense information,” the joint statement concluded.
The revelations underscore the growing cybersecurity risks faced by Western institutions amid rising geopolitical tensions, particularly as Russia intensifies both physical and digital offensives related to its ongoing war in Ukraine.
The Dutch government has not disclosed the full extent of the compromised information but said security measures and counterintelligence protocols have since been reinforced to defend against future intrusions.
