Cyber Incident Victim: Dutch Safety Board
Date: Oct 2015
Location: Netherlands
Summary
A large-scale RondoDox botnet campaign exploited over 50 vulnerabilities across more than 30 vendors, including flaws initially identified in Pwn2Own contests, to target the Dutch Safety Board’s MH17 crash investigation team. The attack aimed to compromise sensitive investigative data through widespread exploitation of security weaknesses in multiple systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In October 2025, Trend Micro’s TrendLabs Security Intelligence and Zero Day Initiative (ZDI) Threat Hunters uncovered a widespread cyber campaign involving the RondoDox botnet. The operation exploited more than 50 vulnerabilities across systems from over 30 technology vendors, including flaws previously demonstrated at Pwn2Own hacking competitions. Attackers deployed a “shotgunning” approach, indiscriminately targeting a broad range of software and hardware to maximize infection rates. The campaign’s infrastructure leveraged known exploit code from public sources, repurposing proof-of-concept vulnerabilities into active attack tools. Security researchers identified the botnet’s command-and-control servers distributing malicious payloads through compromised websites and phishing lures. Among the targeted entities was the Dutch Safety Board team investigating the MH17 aviation disaster, though the article does not specify whether their systems were successfully breached.

The Dutch Safety Board became a focus of the Pawn Storm threat actor group during their MH17 crash investigation. Attackers utilized the RondoDox botnet to deliver exploits against the organization’s IT environment, though the exact intrusion methods and compromised systems remain unspecified in the source material. Trend Micro and ZDI analysts confirmed the campaign’s connection to previously documented Pawn Storm tactics, including the use of rapidly weaponized vulnerabilities. No operational disruptions or data exfiltration from the Dutch Safety Board were explicitly mentioned. The collaborative disclosure between Trend Micro and ZDI enabled vulnerability notifications to affected vendors, though specific remediation actions by the Dutch Safety Board or other victims were not detailed in the report.
