Cyber Incident Victim: Eerste Kamer

Date: May 2023

Location: Netherlands

Summary

A cyberattack disrupted the websites of the Dutch Senate and the national court system, causing access difficulties due to overloading from a distributed denial-of-service (DDoS) attack. The incident coincided with a visit from the Ukrainian president. A spokesperson suggested it aligned with actions by pro-Russian 'hacktivists', and a cybersecurity firm attributed the Senate attack to a group known for targeting opponents of Russia. The Council for the Judiciary filed a criminal report with police.

Description

On the morning of May 4, 2023, a series of cyberattacks began targeting websites belonging to the Dutch government. These distributed denial-of-service (DDoS) attacks caused significant accessibility issues for users attempting to connect to the affected services. The website of the Dutch court system, Rechtspraak.nl, was one of the primary targets, experiencing a flood of malicious internet traffic that overwhelmed its capacity. This deliberate overloading made it difficult, if not impossible, for legitimate users to access the site's information and services. Concurrently, the website of the Dutch Senate, known as the Eerste Kamer, was also experiencing severe difficulties and was reported as being difficult to access throughout the day. The technical issue affecting the Senate's site was described by a spokesperson as being due to "overloading," which is consistent with the effects of a DDoS attack.

The timing of these cyberattacks was notable as they coincided with the visit of Ukrainian President Volodymyr Zelenskyy to the Netherlands. During his visit, President Zelenskyy spoke to representatives of the Dutch Parliament and delivered a significant speech at the World Forum in The Hague. This temporal link led to immediate speculation regarding the motivation and origin of the attacks. A spokesperson involved with the incident indicated that the nature of the event aligned with the known actions of "'hacktivists' with sympathy towards Russia," though no specific evidence was provided to substantiate this claim at the time. Hacktivism refers to the use of computer hacking as a tool to promote political or social agendas.

The entity responsible for managing the court system's website, the Council for the Judiciary, publicly confirmed it was grappling with the DDoS attack. The Council reported that the identity of the attacker remained formally unknown to them, and they emphasized that despite the online disruption, all physical court cases were proceeding as usual without interruption. In response to the incident, the Council for the Judiciary took formal steps by announcing its intention to file a criminal report about the attack with the police. The organization also stated it was preparing for the possibility that the disruptive attack could persist for several days, indicating a proactive approach to potential ongoing disruption.

The broader national cybersecurity apparatus was engaged with the incident. The National Cyber Security Center (NCSC) confirmed it was aware of the attacks affecting the government websites. Public suggestions regarding the attackers' identity emerged from the cybersecurity intelligence community. The cybersecurity firm FalconFeeds.io suggested that the attack specifically targeting the Dutch Senate website might have been launched by a relatively unknown hacker group called NoName057(16). This group is characterized as a collection of hacktivists who regularly carry out digital attacks against nations and organizations perceived as opponents of Russia. Their tactics frequently involve DDoS attacks aimed at overwhelming websites with traffic, causing them to slow to a crawl and become inaccessible. The group had a prior history of such actions; for example, it was reported that they had targeted the Canadian Senate's website in the month preceding the Dutch incident.

The possible involvement of this group introduced questions about potential connections to the Russian state. Russia is known to be home to several well-established and sophisticated hacker groups, such as Fancy Bear (also known as Pawn Storm) and Cozy Bear, which are believed to work on behalf of Russian intelligence agencies and have historically launched attacks against the Dutch government. However, no concrete evidence linking the May 4th attacks to these advanced groups or directly to the Russian state was presented in the immediate aftermath. The incident was therefore treated as a disruptive attack with a likely political motivation, leveraging relatively simple but effective techniques to achieve maximum visibility and disruption during a high-profile event. The primary impact was the sustained unavailability of key government digital services, undermining public access to information and the normal online operations of the judicial and legislative branches of the Dutch government.
