The Dutch Public Prosecution Service have been taken off-line since a few days: Citrix Netscalers I don't know whether there are articles in English; I have only articles in Dutch. There are lots of articles in Dutch about the issue. First of all the Dutch "Public Prosecution Service" is called in Dutch "Openbaar Ministerie" (OM). Site: https://www.om.nl/ Article there in Dutch from 18-07-2025 | 17:49 Onderzoek naar aanleiding van signaal NCSC https://www.om.nl/actueel/nieuws/2025/07/18/onderzoek-naar-aanleiding-van-signaal-ncsc More articles in Dutch: Security.nl : Openbaar Ministerie koppelt digitale omgeving los van internet vanwege kwetsbaarheid https://www.security.nl/posting/896...geving los van internet vanwege kwetsbaarheid Newspaper NRC : Digitale werkomgeving Openbaar Ministerie nog steeds uit de lucht https://www.nrc.nl/nieuws/2025/07/1...r-ministerie-nog-steeds-uit-de-lucht-a4900727 The questions (among other questions): Did the OM patched there systems? And if so, when? Was the digital infostructure already compromised? And if so, for how long, and by who? It looks like that the Citrix Bleed 2 was already known. Was Citrix really open about it in public, and since when? See article at BleepingComputer from July 17, 2025 Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks https://www.bleepingcomputer.com/ne...d-weeks-before-pocs-as-citrix-denied-attacks/
They said today that it could take weeks before they will get back online. Articles in Dutch: NOS, the public broadcaster, today: OM mogelijk nog weken afgesloten van internet: 'Heel veel printen' https://nos.nl/artikel/2575857 Message from the OM, today: Werk OM mogelijk komende weken nog verstoord https://www.om.nl/actueel/nieuws/2025/07/21/werk-om-mogelijk-komende-weken-nog-verstoord Quote in Dutch:
The systems of the OM were indeed hacked. Dutch newspaper NRC reveals it. It was a closed meeting by the OM, but NRC got the news somehow. NRC - 22 july 2025 Digitale werkomgeving OM inderdaad gehackt, onderzoek moet uitwijzen welke informatie is gestolen https://www.nrc.nl/nieuws/2025/07/2...twijzen-welke-informatie-is-gestolen-a4901019 Quote in Dutch: The OM refuses to comment, according to NRC:
According to article at security.nl there are 1500 servers at the OM. Checking, cleaning, etc is going to take weeks. https://www.security.nl/posting/897601/NRC: inbraak bij Openbaar Ministerie via Citrix NetScaler-lek In Dutch:
The news isn't getter better, now about the "Custodial Institutions Agency". First a little explanation. The Custodial Institutions Agency is called in Dutch "Dienst Justitiële Inrichtingen" (DJI). That agency is "part" of the Justice Department, and is responsible for prisons etc. Today the Justice Department announced that they are now also investigating whether the systems of the DJI are also involved; the DJI uses also those Citrix systems. In Dutch: "Onderzoek informatiebeveiliging" Press Release 29-07-2025 https://www.dji.nl/actueel/nieuws/2025/07/29/onderzoek-informatiebeveiliging Now this part of that Press Release, in Dutch, quoting: "De systemen zijn erg groot en wat precies gezocht moet worden is niet duidelijk. Zie het als het zoeken van een speld in een hooiberg terwijl je eigenlijk niet weet hoe de speld eruitziet." So, they don't know what exactly to look for in those big systems. And they say, translated, "it’s a needle in a haystack". And they are responsible for the prisons ...
