
Microsoft Thanks Dutch Intelligence Agencies for Help in Uncovering Laundry Bear Group


By Netvora Tech News


Microsoft has expressed its gratitude to the Dutch intelligence agencies, AIVD and MIVD, for their collaboration in investigating the Laundry Bear group, a hacking collective also known as Void Blizzard. The agencies recently revealed that the group was responsible for a data breach at the Dutch police force last year.

The Laundry Bear Group's Modus Operandi

According to Microsoft, Void Blizzard has been active since at least April last year. The group uses unsophisticated but effective methods to gain access to organizations and steal sensitive information. They typically rely on stolen login credentials, which are likely obtained through infostealer malware. Once inside, they can exfiltrate large amounts of files and emails.

New Techniques and Tactics

Since April this year, the group has also employed spear phishing tactics to steal login credentials. In these attacks, 20 NGOs in Europe and the United States received personalized invitations to a European security and defense conference. The emails were accompanied by a PDF attachment containing a malicious QR code that directed the recipients to a typosquatting domain resembling Microsoft's Entra authentication portal. Microsoft believes that the group uses an open-source framework called Evilginx to carry out man-in-the-middle attacks, allowing them to steal login credentials and session cookies.
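The lure described above works because the QR code resolves to a domain that merely resembles the Entra sign-in host. A defender can screen decoded QR URLs, proxy logs or mail-gateway link lists for such lookalikes. The following is an added example written for this page, not code from Microsoft or the article's authors; the allowlist of legitimate sign-in hosts, the brand tokens and the sample URLs are constructed assumptions for illustration.

```python
"""Classify hostnames as legitimate, lookalike or unrelated to Entra sign-in.

Added illustration, not part of the original article. LEGITIMATE_HOSTS and
BRAND_TOKENS are assumed allowlists; the sample URLs are constructed.
"""
from urllib.parse import urlparse

# Assumption: the hosts a genuine Entra / Microsoft account sign-in flow uses.
LEGITIMATE_HOSTS = {
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.live.com",
}

# Assumption: brand strings an attacker would reuse in a lookalike hostname.
BRAND_TOKENS = ("microsoftonline", "microsoft", "entra")


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Crude last-two-labels approximation of the registrable domain."""
    return ".".join(host.split(".")[-2:])


def classify_host(host: str, max_distance: int = 2) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    if host in LEGITIMATE_HOSTS:
        return "legitimate"
    legit_domains = {registrable_domain(h) for h in LEGITIMATE_HOSTS}
    # A handful of character edits away from a real sign-in host: typosquat.
    if any(levenshtein(host, good) <= max_distance for good in LEGITIMATE_HOSTS):
        return "lookalike"
    # Brand token present, but the registrable domain is not Microsoft's:
    # e.g. the real host name buried as a subdomain of an attacker-controlled zone.
    if any(tok in host for tok in BRAND_TOKENS) and registrable_domain(host) not in legit_domains:
        return "lookalike"
    return "unrelated"


def classify_url(url: str) -> str:
    """Classify the host of a decoded QR-code or mail link; 'invalid' if no host."""
    host = urlparse(url).hostname
    return classify_host(host) if host else "invalid"


if __name__ == "__main__":
    # Constructed sample links, not real observed indicators.
    for link in (
        "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
        "https://login.micros0ftonline.com/common/oauth2/v2.0/authorize",
        "https://login.microsoftonline.com.attacker-example.net/signin",
        "https://docs.python.org/3/",
    ):
        print(f"{classify_url(link):11s} {link}")
```

Run this over every URL extracted from inbound PDF attachments or decoded from embedded QR codes and route anything tagged `lookalike` to the phishing-triage queue; the edit-distance threshold and the allowlist should be tuned to the sign-in hosts your tenant actually uses.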

Cloud API Abuse

Once the attackers gain access, they use legitimate cloud APIs, such as Exchange Online and Microsoft Graph, to enumerate mailboxes and cloud-hosted files. In some cases, they have also attempted to access Microsoft Teams conversations and messages exchanged via the Microsoft Teams web application.
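Because the enumeration described above goes through legitimate APIs with valid credentials, the signal is volume and breadth rather than any single forbidden call: one principal reading many mailboxes or document libraries in a short window. Below is an added detection sketch written for this page, not Microsoft's own logic; the event format and operation names are a constructed simplification, not the real Exchange Online or Graph audit schema, and the sample events are invented.

```python
"""Flag principals that touch many distinct mailboxes/sites in a short window.

Added illustration, not part of the original article. Event tuples and
operation names are a constructed stand-in for real cloud audit records.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: operations that read another principal's mailbox or file store.
READ_OPERATIONS = {"MailboxRead", "FileListing"}

# Constructed sample events: (timestamp, actor, operation, target resource).
SAMPLE_EVENTS = [
    ("2025-05-01T09:00:05", "j.doe@tenant.example", "MailboxRead", "alice@tenant.example"),
    ("2025-05-01T09:00:20", "j.doe@tenant.example", "MailboxRead", "bob@tenant.example"),
    ("2025-05-01T09:00:41", "j.doe@tenant.example", "MailboxRead", "carol@tenant.example"),
    ("2025-05-01T09:01:10", "j.doe@tenant.example", "FileListing", "sites/finance"),
    ("2025-05-01T09:01:55", "j.doe@tenant.example", "MailboxRead", "dave@tenant.example"),
    ("2025-05-01T09:02:30", "j.doe@tenant.example", "FileListing", "sites/legal"),
    # Normal user reading their own mailbox repeatedly: one distinct target.
    ("2025-05-01T09:00:00", "m.lee@tenant.example", "MailboxRead", "m.lee@tenant.example"),
    ("2025-05-01T09:03:00", "m.lee@tenant.example", "MailboxRead", "m.lee@tenant.example"),
    ("2025-05-01T09:06:00", "m.lee@tenant.example", "MailboxRead", "m.lee@tenant.example"),
    # Helpdesk touching a few mailboxes spread over two hours: below threshold.
    ("2025-05-01T08:00:00", "helpdesk@tenant.example", "MailboxRead", "erin@tenant.example"),
    ("2025-05-01T09:00:00", "helpdesk@tenant.example", "MailboxRead", "frank@tenant.example"),
    ("2025-05-01T10:00:00", "helpdesk@tenant.example", "MailboxRead", "grace@tenant.example"),
]


def detect_mass_enumeration(events, threshold=5, window=timedelta(minutes=10)):
    """Return {actor: max distinct targets in any window} for actors over threshold.

    For every actor, each read event starts a candidate window; the number of
    distinct targets read within [t, t + window] is counted and the largest
    count retained. Actors whose peak reaches `threshold` are reported.
    """
    per_actor = defaultdict(list)
    for ts, actor, op, target in events:
        if op in READ_OPERATIONS:
            per_actor[actor].append((datetime.fromisoformat(ts), target))

    alerts = {}
    for actor, reads in per_actor.items():
        reads.sort()
        peak = 0
        for i, (start, _) in enumerate(reads):
            targets = {t for ts, t in reads[i:] if ts - start <= window}
            peak = max(peak, len(targets))
        if peak >= threshold:
            alerts[actor] = peak
    return alerts


if __name__ == "__main__":
    for actor, count in detect_mass_enumeration(SAMPLE_EVENTS).items():
        print(f"ALERT {actor}: {count} distinct mailboxes/sites read within 10 minutes")
```

The threshold and window are deliberately exposed as parameters: a migration or backup service account will legitimately exceed them and needs an allowlist, while an interactive user account reading several colleagues' mailboxes in minutes rarely has a benign explanation and is worth pairing with the sign-in that established the session.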

Microsoft's Recommendations

In its analysis of Void Blizzard, Microsoft provides several recommendations for organizations to protect themselves against the group's attacks. These include implementing multi-factor authentication, regularly updating software and firmware, and using strong, unique passwords.
