nltimes.nl
Saturday, 13 September 2025 - 08:15

The Royal Netherlands Army is deploying hackers to the front lines as part of the newly formed 101 CEMA Battalion, officials said Thursday. According to De Telegraaf, the unit, officially established in Stroe, merges companies specialized in electronic warfare and cyber operations.

Electronic warfare includes disrupting enemy communications and tracking opponents through signal detection. The Netherlands reportedly gained experience in Afghanistan, where specialists traveled in armored vehicles equipped with large antennas.

During early experiments, soldiers hacked webcams, smart doorbells, and robotic vacuum cleaners to gather intelligence on buildings holding hostages. In Ukraine, hackers can take control of drawbridges to block enemy advances without permanently destroying infrastructure.

Field hacking is a newer capability. “We could have had more if the military budget had allowed,” Lieutenant Colonel Peter Masseling, commander of 101 CEMA, told De Telegraaf. “But the priorities were different. Fortunately, only our quantity suffered; our quality remains at the forefront internationally.”

Funding constraints have now been lifted. The battalion currently employs 20 hackers, with plans to grow to 50 within a 250-person unit. Over the next five years, millions will reportedly be invested in the Cyber and Electronic Warfare branch. The ultimate goal is three battalions, so each brigade has dedicated cyber specialists. “With a tank, you don’t shut down a website,” Masseling told the newspaper.

The 101 CEMA Battalion embeds hackers directly with combat units, unlike the Cyber Command, which operates from bases to disrupt enemy systems. Most members are trained for frontline deployment, while the unit also includes skilled personnel who work behind the lines and do not meet physical military requirements.

nltimes.nl/ Thursday, 28 August 2025 - 12:50 -
Dutch intelligence agencies confirmed on Thursday that the country was targeted in the global cyberespionage campaign carried out by the Chinese state-linked hacker group Salt Typhoon. The campaign, which came to light in late 2024, focused on the international telecommunications sector.

The Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) said they independently verified portions of a U.S. investigation attributing the campaign to Salt Typhoon. “We can confirm parts of the U.S. findings through our own intelligence,” the agencies stated.

The warning aligns with alerts issued by the U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI), as well as European intelligence services including Germany’s BND, Finland’s SUPO, the U.K.’s NCSC, and Italy’s AISE.

In the Netherlands, the targets were smaller Internet service and hosting providers rather than the major telecom operators. Investigations by the MIVD and AIVD indicate that the hackers gained access to routers of Dutch targets but, as far as is known, did not penetrate internal networks further. Where possible, the agencies and the National Cyber Security Centre (NCSC) shared threat information with affected organizations.

The agencies emphasized that China’s cyber activities have become increasingly sophisticated. “These activities are now so advanced that continuous effort and attention are needed to detect and counter cyber operations against Dutch interests,” the MIVD and AIVD said. They added that while proactive measures can reduce risk, complete prevention is not possible, posing a significant challenge to national cyber resilience

bitdefender.com 19.08.2025 - A hack of the Netherlands' Public Prosecution Service has had an unusual side effect - causing some speed cameras to be no longer capturing evidence of motorists breaking the rules of the road.
Last month, Dutch media reports confirmed that Openbaar Ministerie (OM), the official body responsible for bringing suspects before the criminal court in the Netherlands, had suffered a security breach by hackers.

The National Cybersecurity Centre (NCSC) and data protection regulators in The Netherlands were informed that a data breach had potentially occurred, and an internal memo from the organisation's director of IT warned of the risks of reconnecting systems to the internet without knowing that the hackers had been expelled from the network.

And it is the disconnection of systems which has left many speed cameras in a non-functioning state - news that will bemuse cybercriminals, delight errant motorists, but is unlikely to be welcomed by those who care about road safety.

Local media reports claim that fixed speed cameras, average speed checks, and portable speed cameras that are usually in one location for about two months before relocation are impacted by the outage - with the only type to escape the problem being those which look out for motorists who are using their mobile phone while driving.

According to evidence seen by journalists, the Public Prosecution Service took itself offline on July 17, following suspicions that hackers had exploited vulnerabilities in Citrix devices to gain unauthorised access.

The organisation's disconnection from the internet left workers still able to email each other internally, but any communications or documents that were needed outside the organisation had to be printed out on paper.

Marthyne Kunst, a member of the crisis team dealing with the hack, told the media that this meant messages were having to be sent by post, lawyers were having to bring paperwork to their cases.

The consequence? Cases may be prevented from going ahead in a timely fashion.

"Unfortunately, it all takes more time," said Kunst.

And as for the speed cameras? Well, apparently it is not possible to reactivate them while the prosecution service's systems are down.

So this isn't a case of police cameras being hacked (although that has happened before), but it is another example of how all manner of connected systems can be impacted in the aftermath of a cyber attack.

The outage of speed cameras in the Netherlands is a timely reminder to us that cyber attacks do not just steal data - they can cause repercussions in sometimes strange and dangerous ways. In this instance, a hack hasn't only slowed down court cases and forced lawyers back to their filing cabinets, it has also blinded cameras designed to keep roads safe.

The Dutch Public Prosecution Service on Monday began phased restoration of its networks after a cyberattack last month forced the agency to take down its services offline.

The agency on Monday confirmed that hackers exploited a vulnerability in a Citrix device, but said that no data was stolen or manipulated in the breach. It took systems offline on July 17 following disclosures of vulnerabilities in Citrix NetScaler ADC and Gateway appliances.,

Dutch media reported in late July that "well-informed sources" believe Russia is behind the incident. Cybersecurity experts told newspaper Algemeen Dagblad that Russian hackers were likely gathering intelligence from the prosecution office or intending to disrupt a close Western ally of Ukraine. The Netherlands has been a strong supporter of Kyiv following Moscow's 2022 invasion of Ukraine, including by transferring F-16 airplanes and training the Ukraine military. Only on Monday it pledged 500 million euros to a NATO fund purchasing U.S. munitions for Ukraine, including Patriot missile intercept systems.

A July warning from the Dutch National Cyber Security Center that hackers were targeting vulnerabilities known as Citrix Bleed 2 prompted the prosecution service to isolate its internal network. The vulnerability, tracked as CVE-2025-5777, allows attackers to bypass multifactor authentication, hijack user sessions and gain unauthorized access to the equipment (see: Attackers Actively Exploit 'Citrix Bleed 2' Vulnerability).

Netherlands intelligence agencies earlier this year fingerprinted Moscow hackers for September 2024 breach resulting in the theft of work-related contact details of all Dutch police officers. Dutch agencies said the hackers behind the police incident belonged to a new cluster of threat activity they dubbed Laundry Bear. The group shares tactics with Unit 26165 of the Russian Main Intelligence Directorate, commonly tracked as APT28, the government said (see: NATO Countries Targeted By New Russian Espionage Group).

Citrix released patches for Citrix Bleed 2 on June 17. The Dutch Public Prosecution Service would not be the only organization to have succumbed to the flaw. Cybersecurity company Imperva in July reported observing more than 10 million attack attempts, although many of those were opportunistic and automated. Nor would Russia be the only nation-state to take advantage of the flaw. GreyNoise last month said it observed early exploitation attempts appearing to originate from China in what appeared to be targeted attacks.

nltimes.nl - Several major government institutions across the Caribbean part of the Kingdom of the Netherlands were hit by cyberattacks last week, including a ransomware attack on Curaçao’s Tax and Customs Administration that temporarily disabled critical services, NOS reports.

According to Curaçao’s Minister of Finance, ransomware was used in the attack on the tax authority. After the breach was discovered by staff, one of the agency’s systems was taken offline as a precaution. An investigation into the origin and impact of the attack is ongoing. The Ministry of Finance stated that no confidential information was compromised.

Despite the breach, the online platform for filing and paying taxes remained operational. However, both the telephone customer service and in-person assistance were unavailable for several days. All services were restored by Monday, the ministry confirmed.

Meanwhile, the Court of Justice — which operates across all six Caribbean islands of the Kingdom — was also affected by a cyber incident. A virus was detected in the court’s IT system, prompting officials to shut down the entire computer network out of caution. Several court cases scheduled for last week were postponed, although most hearings continued as planned. Restoration efforts are still underway.
In Aruba, hackers also gained unauthorized access to official email accounts belonging to members of parliament. The extent of the breach and potential consequences remain unclear.

In response to the string of incidents, authorities on Sint-Maarten issued a public alert urging businesses and institutions on the islands to increase their cybersecurity vigilance.

The wave of cyberattacks follows a separate hacking incident in the Netherlands just two weeks ago, when the national Public Prosecution Service (Openbaar Ministerie) disconnected all its systems from the internet after detecting a breach. The disruption continues to have major consequences. Defense attorneys have reported significant difficulty accessing essential information, hindering their ability to represent clients.

Police in the Netherlands say they seized 127 servers this week that were used by Zservers, a bulletproof hosting service that was the subject of international sanctions issued Tuesday.

Four distributors of the encrypted communications service Sky ECC, used extensively by criminals, were arrested in Spain and the Netherlands.

The national Dutch police (Politie) says that a state actor was likely behind the data breach it detected last week.

The Dutch Data Protection Authority imposed the largest fine yet against facial recognition company Clearview AI under the GDPR.

Devices are kept in vault during weekly gatherings, prime minister said.

I began my search for opportunities and stumbled upon a list of eligible websites for bug hunting at https://gist.github.com/R0X4R/81e6c50c091a20b060afe5c259b58cfa. This list became my starting…

Chinese state-backed cyber spies gained access to a Dutch military network last year, Dutch intelligence agencies said on Tuesday, calling it part of a trend of Chinese political espionage against the Netherlands and its allies.

A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.

ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.