Suspected Hack on Dutch Police Carried Out Using Stolen Cookies
The recent cyberattack on the Dutch police, which occurred at the end of September, was likely carried out by hijacking a login session, according to a police report. In this breach, personal data of all 63,000 police employees was compromised.
In a press release on the police website, Stan Duijf, head of Operations at the National Investigation and Interventions Unit, stated that the hackers likely used a “pass-the-cookie” attack. In such an attack, cybercriminals can hijack an active user session along with the associated permissions. Access to these sessions can be obtained in various ways, including phishing schemes.
During the breach, the attackers accessed a range of personal data of the 63,000 employees. The police are currently investigating how the stolen data has been used. In early October, intelligence and security agencies suggested that a state actor may be involved. It is reportedly linked to Russian hackers who targeted a police volunteer via a malware link.
