Dutch intelligence agencies report country was targeted by Chinese cyber spies

The Netherlands announced on Thursday that it had been targeted by a Chinese cyber-espionage campaign tracked as Salt Typhoon and RedMike that has been compromising critical infrastructure globally.

“Dutch organizations most likely didn't receive the same level of attention from the Salt Typhoon hackers as those in the US,” but the country’s intelligence agencies observed targeting in the Netherlands, the Ministry of Defence said.

“These were not large telecommunications providers, but smaller internet service and hosting providers,” the ministry explained, crediting an investigation by the Dutch Military Intelligence and Security Service (MIVD) and General Intelligence and Security Service (AIVD), which it said “can now corroborate some of the findings of the US investigation with independent intelligence.”

According to the investigation by the Dutch services, “the Chinese hacking organization had access to routers belonging to the Dutch targets.” 

“As far as we know, the hackers did not penetrate any further into their internal networks,” they said. The agencies warned that the Chinese cyber threat was growing. 

“These activities have become so sophisticated that continuous effort and attention are required to promptly detect and mitigate cyber operations against Dutch interests,” they said. “This can reduce risks, but not eliminate them entirely. This poses a major challenge to Dutch resilience.”

The announcement follows both of the Dutch services co-sealing an advisory published Wednesday blaming three Chinese technology companies for the intrusions, which partially overlapped with campaigns reported by the cybersecurity industry and tracked as Salt Typhoon, RedMike, OPERATOR PANDA, UNC5807 and Ghost Emperor, among others.

The advisory identified the perpetrators behind a hacking campaign that first came to light last year after threat actors intercepted the correspondence of senior officials within both U.S. presidential campaigns. In December, U.S. officials said dozens of other countries had been impacted.

Thirteen countries co-sealed the announcement on Wednesday, including agencies from the United States, Australia, Canada, New Zealand, United Kingdom, Czech Republic, Finland, Germany, Italy, Japan, Netherlands, Poland and Spain.

It warned that data obtained through intrusions against the telecommunications, lodging and transportation sectors has provided “Chinese intelligence services with the capability to identify and track their targets’ communications and movements around the world.”