Talking about “Laundry Bear” may make you think I’m trying to invent a new English word — perhaps a literal translation of the Dutch wasbeer, the animal we call a raccoon. Sadly, “bear that does laundry” is not an official species. And we’re not in the zoological domain anyway. We’re in the world of organized hacking groups.
This Laundry Bear is ‘highly likely’ a ‘Russian state‑sponsored cyber actor’, according to the intelligence services in a publication from May 2025. In plain English: a group that conducts cyberattacks with the blessing — and probably the funding — of the Russian government. You can find such groups in various countries, and once they are identified, they get a label. That does not follow a universally agreed naming convention, but a common practice is that everything (presumably) from Russia is a bear, China has the panda, Iran the kitten, and North Korea the chollima (a mythical horse from Korean folklore). And those are exactly the countries that keep reappearing when we talk about state hackers. Which, in turn, does not mean that other countries keep their hands neatly to themselves.
In this particular animal kingdom we find the Fancy Bear, the Wicked Panda, the Charming Kitten and the Stardust Chollima, to name just a few. Each of them is a group that organizations may encounter if they have something that could be of interest to the sponsors behind the groups. Often that is information, but it may also be about money; North Korea in particular targets Western currencies and nowadays especially cryptocurrency.
Laundry Bear collects information from government organizations and companies worldwide, with special interest in the EU and NATO. They break into cloud‑based mail environments. Besides the emails themselves, they are also interested in the internal address book. They focus on everything related to the war in Ukraine. In addition, they find companies interesting that produce high‑end technology that Russia can no longer buy due to sanctions.
It is very difficult to attribute a particular activity to the correct actor. These actors are masters at laying false trails. But sometimes it is possible to establish this so‑called attribution (although you will usually still see the word ‘likely’ somewhere). The Dutch intelligence services attribute the 2024 attack on the Dutch police, in which contact details of all police employees were stolen, to Laundry Bear. They suspect that other Dutch organizations have also fallen victim to this actor. Until the investigation into the police hack, Laundry Bear was not yet known. The services recognized that they were dealing with a new group.
All this substantive information was shared publicly last year in a Cybersecurity Advisory. In that advisory, they also list which ‘resilience‑enhancing measures’ organizations can take. These are fairly obvious measures. You must give people and computers the minimal privileges they need to perform their tasks. If such an account is hacked, the attacker’s options are limited to those privileges. Accounts with high privileges must be issued in a controlled way and used only when those privileges are actually required; administrators should therefore not work under their admin accounts by default. Outdated accounts must be cleaned up. And you must encrypt your network traffic. The list is much longer, but this gives you an idea.
As obvious as these measures are, some organizations still struggle to implement them. They cost time and money, and the knowledge, skills and willingness to take these necessary measures are not present everywhere. It works no differently than at home. You know your house needs painting, but you don’t get around to it or the painter is too expensive. It is also a matter of setting priorities.
Intelligence services are usually not so generous in making their information public. So why this public advisory? Because they know a lot, but not nearly everything about Laundry Bear. It is important for the country as a whole that organizations are resilient against such groups. But to be resilient, they first need to be aware of the threat. Moreover, the publication raises awareness that such groups exist in the first place. Most of the measures mentioned also help in the fight against Laundry Bear’s colleagues. Let’s hope the advisory reached its intended audience.
And in the big bad world…
- Some actors go much further than merely collecting information.
- Russians are also occasionally hit by a cyberattack.
- This article explains well what digital sovereignty means for you as a citizen.
- The foreign press reports on a current Dutch sovereignty issue.
- France is also working on its digital sovereignty.
- Even security chiefs sometimes get it wrong.
- WhatsApp is getting a lockdown mode.
- AI agents built into operating systems undermine the principles of end‑to‑end security.
- There are some misconceptions about data protection.
- This article is supposedly about leaky AI toys, but it is in fact an Internet‑of‑Things failure.
- Life in an Asian scam compound is harsh.