Threats in the Netherlands

[harlan4096]

Advanced threat actors and other malicious cyber activity

By GReAT on October 11, 2018. 7:30 am

Introduction

On October 4, 2018, the MIVD held a press conference about an intercepted cyberattack on the OPWC in the Netherlands, allegedly by the advanced threat actor Sofacy (also known as APT28 or Fancy Bear, among others). According to the MIVD, four suspects were caught red handed trying to break into the OPWC’s network. Sofacy activity in the Netherlands did not come as a surprise to us, since we have seen signs of its presence in that country before. However, aside from Sofacy we haven’t seen many other advanced persistent threat (APT) groups in the Netherlands, at least when compared to other areas, such as the Middle-East. Upon further reflection, we have concluded that this is rather odd. There are quite a few big multinationals and some high tech companies located in the Netherlands. In addition, there are other potential strategic targets for threat actors. So we decided to review cyber-threat activity targeting or affecting the Netherlands.

Providing an overview of one APT’s activity can be quite difficult, let alone all the APT activity affecting a country. First, we only see what we can see. That means we can only gather data from sources we have access to, such as that shared voluntarily by our customers with Kaspersky Security Network (KSN), and those sources also need to be supplied with data related to a specific APT. As a result, like any other cybersecurity vendor, our telemetry is naturally incomplete.

Full reading: https://securelist.com/threats-in-the-ne...nds/88185/