Home News Investigation Underway: Chinese Hackers Suspected in Belgian Intelligence Breach
News

Investigation Underway: Chinese Hackers Suspected in Belgian Intelligence Breach

The Belgian federal prosecutor’s office is currently investigating a significant data breach at the State Security Service (VSSE), with suspicions pointing towards Chinese state-backed hackers. The breach, which occurred between 2021 and May 2023, involved the unauthorized access to the VSSE’s external email server, compromising around 10% of all emails exchanged by the agency’s staff.

Key Points of the Breach

  • Vulnerability Exploited: The hackers exploited a zero-day vulnerability in Barracuda’s Email Security Gateway (ESG) appliance, which was used by the VSSE for email security.
  • Data Compromised: The breach primarily affected emails exchanged with external entities like public prosecutors, government ministries, and law enforcement. Additionally, internal HR communications were compromised, potentially exposing sensitive personal data such as identity documents and CVs of nearly half of the VSSE’s staff and past applicants.
  • Impact and Response: The VSSE stopped using Barracuda’s services following the breach and advised affected staff to renew their identification documents to mitigate identity fraud risks. Despite the breach, there is no evidence of stolen data being sold on the dark web or any ransom demands.
  • Ongoing Investigation: The federal prosecutor’s office initiated a judicial investigation in November 2023, but it is too early to draw conclusions. The VSSE remains tight-lipped about the incident, citing its secrecy.

Historical Context

This is not the first instance of Chinese state-backed hackers targeting Belgium. In July 2022, the country’s Minister for Foreign Affairs accused Chinese threat groups (APT27, APT30, APT31, and Gallium) of attacking Belgium’s defense and interior ministries. The Chinese Embassy in Belgium denied these allegations, citing a lack of evidence.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

News

19 Billion Passwords Leaked in 2024: How to Secure Your Accounts Now

Since April 2024, over 19 billion passwords have been compromised and leaked...

News

UK Unleashes £1bn Cyber Warfare Command to Counter Russia and China

The UK government has announced a major military upgrade focused on cyber...

News

WhatsApp Spyware Case: NSO Group on the Brink as Damages Trial Begins

NSO Group Faces Potential ‘Tens of Millions’ in Damages in WhatsApp Spyware...

News

AI Safety Crisis: New Attack Method Generates Weapons Guides Across All Major Models

Security researchers have uncovered a critical vulnerability affecting all major large language...