While AVID and the Dutch Police have not come out in front describing who or what threat actors breached Police systems, the evidence seems to show that a Russian intelligence agency was behind the attack. In all of this, there are two important lessons that defenders should note: 1) the critical role vulnerability management and inventory play in a security program 2) the necessity of threat hunting. On multiple occasions, advanced threat actors have been seen exploiting older known vulnerabilities against legacy systems as a pivot point to attack larger networks. If these systems are not receiving patches or will not receive patches for the future but are still required in production, include these systems logs into a SIEM or logging solution. Threat hunting is built on data from many different sources. Building detections for legacy systems can provide organizations a way to be aware when those systems are being interacted with suspiciously.

https://therecord.media/russian-hackers-breached-dutch-police-systems-in-2017/