In 2014, Dutch intelligence agency AIVD reportedly managed to locate the hub of the Kremlin-linked hacker group Cozy Bear, also known as APT29. AIVD reportedly gained access to the state-sponsored hacker group's networks and spied on Cozy Bear's hacking activities in a cyberespionage campaign that is believed to have lasted between one and two and a half years.
Cozy Bear, along with another hacking group, Fancy Bear (APT28), is widely considered to be responsible for the cyberattacks targeting the US Democratic Party during the 2016 presidential election. In 2016, the CIA, the DNI and the FBI concluded that Kremlin-linked hackers launched attacks to influence the 2016 election.
The Netherlands' Joint Sigint Cyber Unit (JSCU), a joint unit of Dutch intelligence agencies AIVD and MIVD, reportedly found that Cozy Bear's headquarters was a university building near the Red Square.
According to a report by Dutch newspaper de Volkskrant and broadcaster Nieuwsuur, AIVD was able to hack into a security camera located outside the building, which allowed them to take photos of everyone entering and exiting the facility. AIVD also compared the photos with the images of known Russian spies to identify potential members of the hacker group, Volkskrant reported.
AIVD reportedly alerted the CIA and the NSA about Cozy Bear's hacking activities throughout the 2016 election. According to the report, the Dutch intelligence agency also likely contributed to the FBI's investigation into Russia's alleged attempt to influence the 2016 US election.
AIVD also reportedly alerted US authorities about Russia's attack on the US State Department's unclassified computers in 2014. The massive attack took around 24 hours to mitigate. According to the report, later in the year, Russian hackers targeted the White House computer networks – the attack was also detected by the Dutch intelligence agency, which then informed US authorities.
According to the report, AIVD no longer has access to the Cozy Bear hackers' network, although it is still unclear what caused the cyberespionage campaign to come to an end.