from Hotznplotzn@lemmy.sdf.org to cybersecurity@infosec.pub on 28 May 05:45
https://lemmy.sdf.org/post/35479244
cross-posted from: lemmy.sdf.org/post/35479238
A previously unknown Russian hacker group that has been given the moniker “Laundry Bear” has spent roughly a year targeting government and commercial entities in the Netherlands and other NATO and EU countries, according to a joint report from the Dutch General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD).
The group, believed to be operating on behalf of the Kremlin, was first detected in September 2024 after stealing sensitive data on approximately 63,000 Dutch police officers. According to Politico, nearly the entire Dutch police force was affected by the breach.
[…]
A technical investigation into the victims indicated that Laundry Bear likely sought sensitive information on the procurement and production of military equipment by Western governments, as well as details on weapons deliveries to Ukraine. Dutch intelligence services observed that the group appears to possess a certain level of insight into the defense production and supply chains involved. Laundry Bear has also targeted companies developing advanced technologies that are difficult for Russia to acquire due to Western sanctions.
[…]
Microsoft is conducting its own investigation into the group, which exploited the company’s Exchange servers. Microsoft has named the threat actor “Void Blizzard.”
[…]
One example cited in the report includes a PDF attachment from Laundry Bear disguised as an invitation to a European Defense and Security Summit and containing a QR code that led to a phishing website.
Laundry Bear employed a variety of hacking techniques, including cookie theft and replacement, password brute-forcing, and phishing (using fake emails or messages to steal login credentials). While these methods are relatively simple, identifying the group behind the attacks is challenging. However, AIVD notes that APT28 (also known as Fancy Bear) — a group linked to Russia’s GRU military intelligence agency — uses similar methods and typically targets the same types of institutions.