Cyber Incident Victim: Rechtspraak
Date:
May 2023
Location:
Netherlands
Summary
A distributed denial-of-service attack targeted the Dutch court system's website, Rechtspraak.nl, causing significant access difficulties and overloading its servers. The cyberattack coincided with a high-profile political visit to the Netherlands. The identity of the attacker was unknown, though the incident was attributed to hacktivists with pro-Russian sympathies. A criminal report was filed with police, and preparations were made for the possibility of a multi-day disruption. The Dutch Senate website also experienced similar difficulties.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 4, 2023, a series of cyberattacks disrupted the online operations of several Dutch government websites. The incident coincided with the visit of Ukrainian President Volodymyr Zelenskyy to the Netherlands, where he was scheduled to speak to representatives of the Dutch Parliament and deliver an address at the World Forum in The Hague. The primary target was the Dutch court system's official website, Rechtspraak.nl, which came under a significant distributed denial-of-service (DDoS) attack. This type of attack functions by flooding a website with an overwhelming volume of internet traffic, deliberately causing it to slow to a crawl and become difficult or impossible for legitimate users to access. The technical issues for the Rechtspraak.nl website began on Thursday morning and persisted throughout the day as the site was inundated with malicious traffic.
Concurrently, the website of the Dutch Senate, the Eerste Kamer, also experienced significant accessibility problems. A spokesperson for the Senate attributed the technical difficulties to "overloading," a term consistent with the effects of a DDoS incident, though a direct link to the same attack campaign was not explicitly confirmed in the initial reporting. The National Cyber Security Center (NCSC) of the Netherlands acknowledged it was aware of the ongoing incidents affecting these government digital assets. While the identity of the attackers was not officially confirmed by authorities at the time, a spokesperson involved in the incident suggested the activity aligned with the known patterns of ‘hacktivists’ who hold sympathies towards Russia. Hacktivism refers to the use of computer hacking as a tool to promote a political or social agenda.
The Council for the Judiciary, the administrative body responsible for the court system, publicly addressed the attack on Rechtspraak.nl. They reported that while the website was severely impacted, the core judicial functions remained unaffected; court cases proceeded as usual without disruption. The Council stated that the identity of the specific attacker or group behind the DDoS campaign remained unknown to them at that stage. In response to the incident, the Council for the Judiciary took formal action by announcing its intention to file a criminal report with the police. Furthermore, the organization prepared for the possibility that the disruptive attacks could continue for several days, indicating an expectation of persistent threat activity.
External cybersecurity analysis provided potential attribution for the Senate website disruption. The cybersecurity firm FalconFeeds.io suggested that the attack on the Dutch Senate's site might have been launched by a relatively unknown hacker group identified as NoName05716. This group is characterized as a collection of hacktivists known for regularly carrying out digital attacks, primarily DDoS campaigns, against nations and organizations perceived as opponents of Russia. Their tactics involve targeting government and institutional websites to cause public disruption and garner attention for their cause. As an example of their previous activity, the group had reportedly targeted the Canadian Senate's website in a similar manner just one month prior, in April 2023.
The broader context of the incident involves the well-documented presence of sophisticated Russian cyber threats. Russia is known to host several prominent and advanced hacker groups, such as Fancy Bear (also known as Pawn Storm) and Cozy Bear, which are widely believed by intelligence agencies and security researchers to conduct operations on behalf of Russian state intelligence services. These groups have a history of launching complex cyber espionage and disruptive attacks against the Dutch government and other international targets in previous years. However, no evidence linking the May 4th DDoS attacks directly to these state-affiliated groups or to the Russian government itself was presented in the immediate aftermath. The incident was treated as a disruptive hacktivist campaign rather than a more severe breach, with the primary impact being the temporary unavailability of public-facing websites.