Cyber Incident Victim: Belastingdienst
Date:
Jan 2018
Location:
Netherlands
Summary
The Dutch tax authority and multiple banks experienced coordinated distributed denial-of-service (DDoS) attacks, causing temporary disruptions to their online services, including website outages lasting several minutes. The authority confirmed no data breaches or network intrusions occurred, though investigations were ongoing with national cybersecurity services. Concurrently, three major banks faced similar attacks, resulting in intermittent downtime for their digital platforms. The incidents followed revelations that Dutch intelligence had infiltrated a Russian-linked hacker group, sparking concerns about potential retaliatory cyber operations, though experts cautioned that attribution remained unclear and the timing alone did not establish a definitive link to state-sponsored actors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 29, 2018, the Dutch tax authority and multiple financial institutions faced coordinated distributed denial-of-service (DDoS) attacks targeting their online infrastructure. The Dutch tax authority reported its website and digital services were disrupted for five to ten minutes during the attack, prompting an immediate investigation in coordination with national cybersecurity services. Spokesperson André Karels confirmed no data breaches or network intrusions occurred, emphasizing that the attack solely aimed to disrupt service availability. Concurrently, Rabobank announced via Twitter that its online services experienced downtime due to similar DDoS activity that morning, while ABN Amro disclosed it had been targeted over the preceding weekend. ING Bank also reportedly sustained attacks, though specific timing details were not provided in the source. The attacks collectively impacted critical components of the Netherlands' financial infrastructure, though all affected entities maintained operational continuity after brief interruptions.
The incidents occurred against a backdrop of heightened cybersecurity tensions following Dutch media reports days earlier that the AIVD intelligence service had infiltrated the Russian-linked hacker group Cozy Bear in 2014. This operation reportedly allowed Dutch intelligence to monitor the group's involvement in the 2016 U.S. Democratic National Committee breach. Dutch politicians, including digital affairs specialist Kees Verhoeven of the D66 party, publicly expressed concerns about potential retaliatory cyber operations against Dutch infrastructure following these revelations. Cybersecurity expert Rickey Gevers noted the temporal proximity between the DDoS attacks and the Cozy Bear disclosures but cautioned that attribution remained unconfirmed. He indicated individual perpetrators might be identified through ongoing investigations, while state-sponsored involvement would likely remain speculative due to inherent attribution challenges in such attacks. Financial institutions and government agencies continued monitoring systems without further publicized disruptions following the initial incidents.