News item | 22-05-2025 | 10:04
The Russian gru-cyber unit 26165, better known as APT28, is responsible for cyberspionage against Ukraine and NATO countries. The Netherlands has also been target. This appears from research from several parties. These include the American services National Security Agency (NSA) and Cyber Security & Infrastructure Security Agency (CISA). The Federal Bureau of Investigation (FBI) and the Dutch Military Intelligence and Security Service (MIVD) also established this.
The purpose of the cyber unit of the Russian military secret service is to get the picture and disrupting Western (military) support for Ukraine. The NSA, CISA, FBI, MIVD and more than 15 other international services warn in a so -called cyber security advisory.
The Dutch armed forces, ministries and the business community have been directly and indirectly targeted by cyberspionage attempts. The MIVD informed them about this and measures have been taken.
Target
APT28 is of great strategic importance for Russia within the war with Ukraine. ” By bringing this Russian working method to the public, the digital freedom of movement of the GRU employees is limited. Their operations are disturbed, “says director MIVD ViceAdmiraal Peter Reesink.” Victims are also helped to discover if they have been attacked and what they can do against it. The MIVD will continue to support such actions in the future ”, he explains.
” In concrete terms, APT28 wants to get hold of military, diplomatic and economic information about Ukraine and NATO allies. This Gru unit tries to gain insight into the transports of Western military support through its operations. This both inside and outside Ukraine. That is why countries such as the Netherlands, which are part of the supply route, are the target of these cyber operations. ”
The MIVD already warned in September 2024. Then 29155 for cyber operations with the same purpose: disturbing Western help to Ukraine. At the time, the US also issued a warning and technical advice together with the MIVD and other partner services. It did not only state how countries and organizations could recognize the operations of unity 29155. It was also indicated what the possibilities were to arm themselves against this.
The OPCW Casus
In 2018, Hackers traveled from APT28 to the Netherlands with the intention of setting up a cyber operation here. The target was the organization for the ban on chemical weapons (OPCW) in The Hague. The MIVD then disrupted this cyber operation. The 4 Russian intelligence officers involved were deported. This prevents the OPCW systems from being hacked at the time. At that time, this organization did research into the poisoning of the Russian Sergej Skripal and his daughter.