Cyber Incident Victim: Arriva
Date:
May 2025
Location:
Netherlands
Summary
Russian hackers targeted the Dutch travel company Corendon and the transport firm Arriva, as confirmed by their spokespeople. The attackers stated that the intrusion was a reaction to the companies' assistance to Kiev, echoing the remark that such actions follow support for Ukraine. The remark was included in the attackers' message to justify the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 1, 2025, the Dutch newspaper Telegraaf published an article reporting that Russian hackers appear to have launched a cyberattack on Dutch companies. The article states that Corendon and Arriva were among the victims of this attack. This information was confirmed by spokespersons for the affected organizations. The report indicates that the attack is part of a renewed wave of activity by Russian threat actors targeting entities in the Netherlands.
The headline of the article includes the quote “Dat is wat er gebeurt als je Kiev helpt”, which translates to “That is what happens when you help Kiev”. This phrasing suggests a connection drawn by the article between the cyberattack and support for Ukraine. The piece frames the incident as a consequence of assisting Kiev, although no technical details are supplied. The article does not disclose which systems were compromised, what data was accessed, or how the breach was detected.
Because the source provides only the confirmation of victimization and the quoted statement, no further chronology, impact assessment, or response actions can be derived. Consequently, the narrative is limited to the facts presented in the Telegraaf report. No additional information about mitigation, containment, or consequences is available from the provided material.