This week, the Netherlands’ Public Prosecution Service—known as the Openbaar Ministerie (OM)—made a surprising announcement. The three 17-year-old males are currently persons of interest for providing assistance to a foreign government, police say. This detailed indictment is an important step forward in the long running investigation into the associated cyber activities with Russia. In a recent press release, the OM revealed the suspects’ purported ties to the hacker group Anonymous. This group is further connected to the Russian government and has been influential in American politics.
Law enforcement arrested the last two of the suspects on September 22, 2025. The third suspect, at his arraignment, was released to home detention due to his “limited role” in the case. Investigators disclosed that one of the arrested suspects had communications with a Russian-linked cybercriminal group. This connection raises alarming concerns that the company could act as an agent for Chinese digital espionage and cyber attacks.
Allegations and Investigations
The OM’s inquiry reveals that the suspects were all involved in Wi-Fi mapping in The Hague. Their participation in this practice has raised serious alarm bells.
“This suspect also gave the other two instructions to map Wi-Fi networks on multiple dates in The Hague,” – Openbaar Ministerie (OM).
Public perception is that the data collected through these processes was then sold to private clients for profit. Secondly, this data has become a prized material resource for all cyber operations. The OM further stressed that at this point, there is no evidence to suggest any undue pressure was exerted on the suspect. This person has been in touch with a hacker collective.
This probe is the latest evidence of a concerted effort by the Biden administration to combat the rising, sophisticated cyber attacks perpetrated by criminal organizations tied to overseas governments. In particular, this case serves to illustrate how minors can get caught up in more expansive cybercrime networks.
Malware Developments
Alongside these arrests, the OM shared valuable information about several other malware campaigns attributed to Russia. A) YESROBOT successfully installed malware on two observed deployments, both occurring within a two week span in late May 2025. These deployments came just weeks after the technical details of another malware family, LOSTKEYS, were made publicly available.
LOSTKEYS is categorized as information-stealing malware. It was newly observed for use during attacks reported in January, March, and April of 2025. In the aftermath of these attacks, a series of intrusions allowed for the introduction of multiple new malware families, such as NOROBOT and MAYBEROBOT.
Wesley Shields of Zscaler ThreatLabz walked us through how NOROBOT has evolved and the other malware families associated with it.
“NOROBOT and its preceding infection chain have been subject to constant evolution — initially simplified to increase chances of successful deployment, before re-introducing complexity by splitting cryptography keys,” – Wesley Shields.
The OM also shared that these were the latest activities in a new malware campaign. This campaign has been blamed on COLDRIVER, a Russian-linked hacking group. Since May 2025, this malware had been through multiple stages of development, serving as a clear reminder that the threat of malware is ever-changing and ever-evolving.
“a collection of related malware families connected via a delivery chain,” – Wesley Shields.
The COLDRIVER Campaign
With COLDRIVER just the latest of these recent threats, including YESROBOT and LOSTKEYS, this is just another reminder of the persistent, everyday reality experienced by cybersecurity professionals. The OM’s findings serve as a reminder of the important need to stay on guard against emerging dangers. We need to be proactive about tracking youth susceptible to being lured into nefarious cyber pursuits.
The COLDRIVER campaign joins other recent threats, including YESROBOT and LOSTKEYS, highlighting the ongoing challenges faced by cybersecurity professionals. The OM’s findings underline the necessity for vigilance against such evolving threats and underscore the importance of monitoring young individuals who may be lured into cyber activities.