A recent report from Cybernews revealed that Russian state-linked hackers successfully breached the Dutch Public Prosecution Service by exploiting a critical vulnerability in Citrix NetScaler appliances. The attackers gained undetected access to sensitive legal systems and potentially accessed ongoing criminal case files. 

The breach, which occurred in July 2025, exploited a known Citrix NetScaler vulnerability rated CVSS 9.3. According to Cybernews, the attackers infiltrated public-facing infrastructure and likely operated as part of a GRU-affiliated group known as Laundry Bear. For weeks, they remained inside the justice system’s digital core undetected. 

This is more than a government issue. Enterprises use the same public-facing Citrix gateways, VPN concentrators, and RDP infrastructure as entry points for employees, partners, and contractors. These systems are often assumed to be protected via patching, MFA, or endpoint controls — but the Citrix exploit shows those assumptions can fail. 

The Risk: Assumed Trust at the Gateway

Remote access infrastructure was originally designed to simplify operations, not enforce security. When public-facing appliances like Citrix NetScaler or Fortinet SSL VPNs are exposed to the internet and not segmented in real time, a single vulnerability or stolen credential can grant attackers deep lateral access. Attackers can explore the entire network without detection. 

This is precisely what happened to the Dutch justice system. Without runtime segmentation or inline enforcement of security policies, the attacker’s presence wasn’t just stealthy; it was structurally invisible. 

Enterprise Takeaway: Control Starts at the Perimeter—but Doesn’t End There

This breach is a textbook case of why zero trust can’t be policy-only. The government systems breached here are no different from enterprise networks relying on the same connectivity patterns. 

Aviatrix Cloud Native Security Fabric (CNSF) helps enterprises go beyond visibility to enforcement. CNSF enforces zero trust by: 

  • Isolating Citrix and VPN control planes through encrypted segmentation 

  • Blocking lateral movement through inline policy enforcement 

  • Delivering continuous runtime controls, not just static ACLs 

  • Providing audit-aligned telemetry across cloud and hybrid networks 

Final Thoughts

Zero trust must be real-time. In the world of exposed gateways and credential compromise, segmentation at runtime is essential. If your network trusts remote access by default, it’s not a question of if, but when, that trust will be abused. 

Aviatrix CNSF protects what connects your business: at runtime, across clouds, without blind spots.  

References 

Bleeping Computer. "Russian Laundry Bear cyberspies linked to Dutch Police hack." May 27, 2025. https://www.bleepingcomputer.com/news/security/russian-void-blizzard-cyberspies-linked-to-dutch-police-breach/.

Cybernews. "Russian Hack of Dutch Justice System Exposes Case Files." Accessed July 28, 2025. https://cybernews.com/security/russian-hack-dutch-justice-system-data-breach/.

Help Net Security. "Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group." May 27, 2025. https://www.helpnetsecurity.com/2025/05/27/microsoft-dutch-security-agencies-lift-veil-on-laundry-bear-void-blizzard-cyber-espionage-group/.

The Record. "Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear.'" May 27, 2025. https://therecord.media/laundry-bear-void-blizzard-russia-hackers-netherlands.

Benson George

Sr. Principal Product Marketing Manager

Benson brings deep experience across the security stack—from securing connected devices and embedded systems to quantifying and reducing cloud attack surfaces and enforcing encryption standards. He brings a threat-informed perspective to cloud architecture—helping enterprises defend against today’s advanced attack techniques and tomorrow’s unknown risks.
