
A previously unknown Russian-backed cyberespionage group, tracked as Void Blizzard, has been linked to the September 2024 Dutch police security breach.
As the Dutch National Police (Politie) revealed last year, the attackers stole work-related information of several officers, including names, email addresses, phone numbers and, in some cases, private details.
The Netherlands General Intelligence and Security Service (AIVD) and the Netherlands Defence Intelligence and Security Service (MIVD) linked the group to this breach in a joint advisory on Tuesday, warning that it was highly likely that these Russian hackers also breached other Dutch organizations.
As the advisory explains, Void Blizzard accessed the account of a Dutch police employee in September 2024 and stole work-related contact information through the Global Address List (GAL).
Investigations revealed that the attackers probably used a pass-the-cookie attack, using a cookie that was stolen through infostealer malware and bought on a criminal market. This allowed the threat actor to reach the information without a user name or password.
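A defender-side check for the session replay described above, as an added example that is not part of the original article or the advisory: it flags a session ID that shows activity from a client which never performed the login. The log format, field names, event types and sample events are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample session events, one JSON object per line (not real logs).
# Field names and event types are assumptions made for this illustration.
SAMPLE_EVENTS = """
{"ts": "2024-09-10T08:01:12Z", "user": "officer1@example.org", "session": "s-1001", "event": "interactive_login", "ip": "192.0.2.10", "ua": "Edge/128 Windows"}
{"ts": "2024-09-10T08:05:40Z", "user": "officer1@example.org", "session": "s-1001", "event": "token_use", "ip": "192.0.2.10", "ua": "Edge/128 Windows", "resource": "mail"}
{"ts": "2024-09-10T08:30:00Z", "user": "officer2@example.org", "session": "s-2002", "event": "interactive_login", "ip": "198.51.100.7", "ua": "Chrome/128 macOS"}
{"ts": "2024-09-10T11:47:09Z", "user": "officer1@example.org", "session": "s-1001", "event": "token_use", "ip": "203.0.113.99", "ua": "python-requests/2.32", "resource": "address_list"}
{"ts": "2024-09-10T11:47:03Z", "user": "officer1@example.org", "session": "s-1001", "event": "token_use", "ip": "203.0.113.99", "ua": "python-requests/2.32", "resource": "address_list"}
{"ts": "2024-09-10T12:00:00Z", "user": "officer2@example.org", "session": "s-2002", "event": "token_use", "ip": "198.51.100.7", "ua": "Chrome/128 macOS", "resource": "mail"}
"""


def find_replayed_sessions(raw):
    """Flag session IDs used by a client that never performed the login.

    A stolen cookie lets a second client ride an existing session, so the
    session shows activity from an (ip, user agent) pair that has no
    matching authentication event.
    """
    # Logs may arrive out of order; ISO 8601 UTC timestamps sort as strings.
    events = sorted(
        (json.loads(line) for line in raw.splitlines() if line.strip()),
        key=lambda e: e["ts"],
    )
    login_clients = defaultdict(set)  # session -> clients that authenticated
    findings = defaultdict(list)      # (user, session, ip) -> resources touched
    for ev in events:
        client = (ev["ip"], ev["ua"])
        if ev["event"] == "interactive_login":
            login_clients[ev["session"]].add(client)
        elif client not in login_clients[ev["session"]]:
            # Session activity from a client with no login of its own.
            findings[(ev["user"], ev["session"], ev["ip"])].append(ev["resource"])
    return dict(findings)


if __name__ == "__main__":
    for (user, session, ip), res in find_replayed_sessions(SAMPLE_EVENTS).items():
        print(f"{user}: session {session} reused from {ip}, resources: {res}")
```

Legitimate network changes (VPN, mobile roaming) also trip this check, so treat a hit as a lead to correlate with what the session accessed rather than as proof of compromise.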
“We have seen the hacker group successfully gain access to sensitive information from organizations and companies worldwide,” MIVD Director Vice Admiral Peter Reesink said. They have a special interest in European Union and NATO countries.
“Laundry Bear is after information about the procurement and production of military equipment by Western governments and Western deliveries of weapons to Ukraine.”
Who is Void Blizzard?
Also tracked as Laundry Bear by the Dutch intelligence services, the hacking crew has been active since at least April 2024 and has focused on targeting Ukraine and NATO member states in attacks aligned with Russian strategic objectives.
The Russian hackers’ tactics, techniques, and procedures (TTPs) include using stolen credentials and spear-phishing emails to breach their targets’ defenses.
Once in, they have been seen harvesting and exfiltrating files and emails from their victims’ systems.
“Void Blizzard’s cyberespionage operations are highly targeted at specific organizations of interest to the Russian government, including in the government, defense, transport, media, non-governmental organization (NGO), and healthcare sectors, mainly in Europe and North America,” Microsoft said in a Tuesday report.
“In particular, the threat actor’s prolific activity against networks in critical sectors poses a heightened risk to NATO member states and allies of Ukraine in general.”
Void Blizzard has breached organizations in various sectors in Ukraine, including transport and defense. In October 2024, it also compromised user accounts at a Ukrainian aviation organization that had first been targeted in 2022 by APT44 (Seashell Blizzard), which is associated with the Russian General Staff Main Intelligence Directorate (GRU).


