The General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) issued a joint warning about the Russian cyber group Laundry Bear on 27 May 2025. This group was responsible for the hack on the Dutch police in September 2024, during which work-related contact details of all officers were compromised. The publication examines how the group operates and suggests ways to safeguard your organisation from such attacks.
Laundry Bear has been conducting targeted cyberattacks against Western governments and organisations since 2024. Their focus is on government, defence, defence suppliers, civil society organisations, and digital service providers.
The group employs well-known attack methods, including password spraying, misuse of session cookies and Living-off-the-Land techniques (using existing software within a system).
Tips from the AIVD and MIVD
The AIVD and MIVD recommend that organisations in these sectors, as well as others, enhance their digital resilience. Key recommendations include:
- Use phishing-resistant multi-factor authentication (MFA).
- Set access rules based on IP addresses and devices.
- Limit the use of session cookies.
- Manage all devices centrally. Avoid Bring Your Own Device (BYOD).
- Train employees on digital security.
- Apply the NCSC’s 5 basic principles.
Learn more about the publication (in Dutch). Also, view the 5 Basic Principles on NCSC’s website.
