Russian and Chinese state threat actors are ramping up their cyberattacks against Dutch organizations, according to a new government report.
Most of these attacks primarily aim to gain a foothold within critical infrastructure for potential future sabotage, as well as to obtain sensitive information, the Dutch principal counterterrorism unit (NCTV) said in research published Monday.
Attacks are increasingly partly due to the involvement of non-state actors from both Russia and China. For example, a larger portion of Russia’s digital espionage, sabotage and influence activities last year were carried out by the so-called “hacktivists” who are aligned with the government but may not be directly tied to it.
“In some cases, ‘traditional’ Russian cyber actors used these hacktivists as a cover, while in other cases, actual hacktivist groups acted in alignment with the Russian state,” NCTV said.
As for China, much of its offensive cyber operations are conducted in collaboration with businesses, universities, and Chinese intelligence services. “The line between these organizations is often blurred: individuals sometimes fulfill both a scientific role and a role in the Chinese security apparatus, collaborating with Chinese state companies,” NCTV added.
While Chinese state-sponsored hacker groups have long conducted large-scale and persistent cyber espionage campaigns against the Netherlands and its allies, there has been an increase in the intensity, scope and technical sophistication of these campaigns over the past year.
One of the latest Chinese government hacking operations, known as Volt Typhoon, shows that although China has primarily focused on espionage, it is also prepared to conduct sabotage operations. U.S. intelligence agencies say Volt Typhoon targeted critical infrastructure to potentially take destructive action in the event of an invasion of Taiwan.
So far, no such operations have been observed targeting Europe. However, “China’s capabilities in this area are growing rapidly and could potentially be deployed worldwide in a relatively short time,” according to the report. “This makes the Chinese cyber sabotage program a potential threat to countries like the Netherlands in the coming years,” NCTV said.
According to Pieter-Jaap Aalbersberg, Dutch national coordinator for security and counterterrorism, the threat to the Netherlands and its allies from their adversaries is posed by the combination of cyberattacks with other digital operations, such as disinformation campaigns.
“When it comes to risk management, it is therefore important to look at the coherence of these cyberattacks and the broader threat that emanates from the sum of these risks,” he said.
Earlier in October, the Dutch national police reported that unidentified hackers stole “work-related contact details,” including names, email addresses, phone numbers and private information from thousands of its officers. The police said it is “very likely” that a state-sponsored threat actor was behind the data breach, although they didn’t link it to any particular country.
Recorded Future
Intelligence Cloud.