Cyber Incident Victim: Netherlands

On March 25, 2024, a cyber attack rendered the websites of multiple Dutch provinces inaccessible. The digital services for the provinces of North Holland, Groningen, and North Brabant were among those confirmed to be impacted by the incident. The province of North Holland publicly reported that its website was down and attributed the likely cause to a Distributed Denial-of-Service (DDoS) attack. This type of attack functions by directing an overwhelming volume of traffic toward a single server, which is then unable to process the massive influx of data requests. The sheer scale of the traffic surge causes the targeted server to collapse under the pressure, resulting in the hosted websites becoming either poorly responsive or completely unreachable for legitimate users.

The attack was executed using a network of previously compromised devices, all of which were instructed to simultaneously access the provincial websites. This method of using a botnet to generate traffic is a common technique for conducting DDoS attacks, which are noted for being relatively simple to carry out and are even offered as a service by cybercriminals for hire. While the specific actors behind this incident were not identified by the sources, the attack's characteristics were described as very similar to previous digital assaults on Dutch infrastructure. The pattern of targeting government and public service websites has been established in recent months, with prior attacks affecting the judiciary, the Senate, the Chamber of Commerce, the Bank of Dutch Municipalities, OV-NL, Maastricht Aachen Airport, and several major ports. A significant number of these previous attacks were claimed by Russian-aligned hacker groups and were publicly framed as retaliatory measures for the Netherlands' support of Ukraine.