Russian hackers are suspected of being behind an attack on the Dutch police network in which work-related details of tens of thousands of officers were stolen last September.

The group, known as Laundry Bear, is believed to have targeted business, organisations and government offices across the European Union using techniques developed by the Russian military intelligence agency GRU.

The Dutch security services AIVD and MIVD published a joint report outlining Laundry Bear’s methods on Tuesday so that companies can take steps to protect their data systems.

The group targets organisations and businesses that are involved in the war in Ukraine, including the armed forces, or suppliers of high-end technology that Russia is barred from obtaining on the open market by western sanctions.

“They have a special interest in countries in the European Union and Nato,” said vice-admiral Peter Reesink, director of the MIVD. “Laundry Bear is after information about the purchase and production of military equipment by western governments and western supplies of weapons to Ukraine.”

The hackers gained access to the Dutch database by infiltrating one user’s account and placing a cookie – a small data file – on their computer that allowed it to obtain the data without needing a user ID or password.

Under the radar

Laundry Bear was able to stay under the radar by using techniques that are difficult to detect, while its working methods resemble another Russian hacking group known as APT28.

The AIVD and MIVD said it was “highly likely” that other Dutch targets had been hit, but did not give details. It added that Laundry Bear was “in development” and was likely to expand its operations with more complex attacks, possibly by using data it obtained in earlier hacks.

Eric Akerboom, director-general of the AIVD, said the intelligence services had “deliberately chosen” to publish details of the group’s modus operandi.

“This allows governments, as well as manufacturers, distributors and other targets to arm themselves against this type of espionage,” he said.

It is not the first time Russia has targeted the Dutch police computer network. In 2017 the Russian security service SRU infiltrated the system during the investigation into the shooting down of flight MH17 by a Russian militia group in the Ukrainian Donbas region three years earlier.

On that occasion the AIVD traced the attack to a Dutch police academy server.